Abstract

In 2002, Lee, Ryu and Yoo proposed an improved password authentication scheme without using a password table by employing a fingerprint verification mechanism in the user's smartcard and two servers' secret keys. It is shown that their scheme is vulnerable to a simple and effective forgery attack. In addition, it is demonstrated that their scheme is not easily repairable.