Southwest Georgia Bank
In this paper, the authors show that both Ku et al.'s scheme and Yoon et al.'s scheme are vulnerable to guessing attack, forgery attack and denied service attack, as well as inefficiency in password authentication. By introducing the two-variant hashing operation, accordingly, they propose an efficient and secure improvement on them to keep the merits of original schemes. As a result, only few additional hash operations are required to solve the security flaws and to gain extra security. The proposed improvement is still completely based on cryptographic hash functions, and does not maintain any verification table on the remote server.