Skip to Main Content
In 2004, both Ku et al. and Yoon et al. proposed remote user authentication scheme using smart cards, respectively. In 2007, Wang et al., however, showed that both Ku et al.'s scheme and Yoon et al.'s scheme are vulnerable to guessing attacks, forgery attacks and denied service attacks, as well as inefficiency in password authentication. Then, Wang et al. proposed an improvement on them to keep the merits of original schemes by using two-variant hashing operations. Nevertheless, this paper shows that Wang et al.'s scheme still does not provide perfect forward secrecy and is susceptible to a guessing attack and Denning-Sacco attack.