Skip to Main Content
In 2002, Lee, Li, and Hwang proposed a hash-based password authentication scheme that is efficient and can be easily implemented. Recently Ku, Chen, and Lee demonstrated that Lee-Li-Hwang's hash-based password authentication scheme is vulnerable to the off line guessing attack, the denial of service attack, and the stolen verifier attack. In 2003, Chih-Wei Lin et al. proposed a security enhancement for optimal strong password authentication protocol. This paper, however, will demonstrate that Chih-Wei Lin's scheme is vulnerable to the denial of service attack. In this article, we shall propose improved schemes to these two remote user authentication schemes, which make them able to withstand denial of service attack and have about the same computational cost as originals.