Abstract
A remote password authentication scheme based on the ElGamal digital signature scheme has been recently proposed by Hwang. Hwang's scheme does not require the system to maintain password files or verification tables to validate the legitimacy of the login user. Moreover, the scheme can withstand attacks based on message replaying. In this paper, we show that Hwang's scheme is breakable. A legitimate user can impersonate other legal users and pass the system authentication.
C.R. Categories: