Provably Secured Two Server Hash Password Authentication
The techniques of Secured Socket Layer (SSL) with client-side certificates for commercial web sites rely on a relatively weak form of password authentication. Browser sends a user's plaintext password to a remote web server using SSL is vulnerable to attack. In common password attacks, hackers exploit the fact that web users often use the same password at many different sites. This has drawn attention on the need for new hash function designs. In addition the authentication systems which uses passwords stored in a central server is easily prone to attack. To overcome the problem of single server password attacks, the multi-server systems were proposed in which user communicates in parallel with several or all of the servers.