Abstract: In recent years, many password-based remote user authentication schemes have been presented. In 2003, Shen et al. proposed a timestamp-based password authentication scheme using smart cards. In their scheme, the server does not need to maintain any verification table and only stores a secret key. However, Awasthi et al. found that Shen et al.’s scheme is vulnerable to impersonation attacks with a stolen card, and proposed an improved remote user authentication scheme based on smart cards. Unfortunately, the improved version is still insecure. We show that Awasthi et al.’s scheme is vulnerable to offline password guessing attacks, password compromise to the server, impersonation attacks and important message leakage attacks. In addition, Awasthi et al.’s scheme has poor reparability.