In this paper, we review certain password scheme that using a smart card. The scheme verifies the logon password without password file. The idea of that scheme based on both integer factoring and discrete logarithm problem. Also, we describe some schemes which indicated there are two security problems in that password-typed smart card scheme, these are impersonation and offline password guessing attack. Then, we analyze the protection defenseless of the scheme. Assume that the hacker gains to calculate the modular exponentiation at both sides of the password scheme, with intercepted retrieve request, the hacker can create new access request with a successful enter into the remote server.
展开▼