ملخص: Recently, Peyravian and Je.ries [M. Peyravian, C. Je.ries, Secure remote user access over insecure networks, Computer Communications 29 (2006) 660–667] have proposed two set of protocols to perform remote user authentication and password change in a secure manner. The .rst set of protocols is based on hash functions, where no symmetric or asymmetric encryption scheme is applied. As Peyravian and Je.ries claim, these protocols su.er from an o.-line password-guessing attack. They propose a second set of protocols based on Di.e– Hellman key agreement scheme to overcome the mentioned weakness. However, we show in this paper that this second set of protocols su.ers also from the o.-line password-guessing attack when a server impersonation attack is performed.

لغة: إنجليزية