R. Padmavathy


The key exchange protocol using passwords achieved great attention due to its simplicity and efficiency. On the other hand, the protocol should resist all types of password guessing attacks, since the password is of low entropy. Recently, Chang and Chang proposed a novel three party simple key exchange protocol. They claimed the protocol was secure, efficient and practical. Overriding their claims Yoon and Yoo presented an Undetectable online password guessing attack on the above protocol. Recently, a password key exchange protocol PSRJ was proposed and claimed to be in-vulnerable to Undetectable online password guessing attack proposed by Yoon and Yoo. This paper presents an Undetectable on-line password guessing attack on PSRJ protocol. Additionally, to overcome the attack, an enhancement over the existing protocol with reduced modular exponentiation operations is proposed.


Chang-Chang password key exchange protocol; Undetectable online password guessing attack; PSRJ protocol.

Full Text: PDF

Print ISSN: 1392-124X 
Online ISSN: 2335-884X