Abstract

We analyze and improve the security of the efficient password-based authentication protocol that has been proposed recently in the Australasian conference on information security and privacy (ACISP) 2003. Its distinct idea is to utilize two generators of a certain cyclic group for efficiency, while the protocol is vulnerable to the server compromise attack on the contrary to the original assumption. Fortunately, we improve its security in this paper and also remark on its extended version called EPA+.