在2004年及2005年, Tsaur等人分別提出二個運用智慧卡在網際網路遠端環境建立多重伺服器通行碼認證通信協定。他們聲稱他們的協定是安全的,並且可能承受各種各樣的種類攻擊。然而,在分析以後,我們發現他們的每一個協定之中都存在一些安全性的缺失。在本文中,我們將揭示這二個協定的安全缺失。 In 2004 and 2005, Tsaur et al. proposed a smart card based password authentication schemes for multi-server environments, respectively. They claimed that their protocols are safe and can withstand various kinds of attacks. However, after analysis, we found their schemes each have some secure loopholes. In this article, we will show the security flaws in these two protocols.
