Skip to Main Content
In 2007, Hu-Niu-Yang put forward an improved efficient password authenticated key agreement scheme for multi-server architecture based on Chang-Lee's scheme proposed in 2004. This scheme is claimed to be more efficient and is able to overcome a few existing deficiencies in Chang-Lee's scheme. However, we find that this scheme is not as ideal as described by the authors. Specifically, the fulfillment of forward secrecy property is delusively claimed and some potential threats to their scheme have been negligently uncovered in their security analysis. In this paper, we will discuss these issues in depth.