In 2008, Kim-Koc proposed a secure hash-based strong-password authentication protocol using one-time public key cryptography. He claimed that the protocol was secure against guessing, stolen-verifier, replay, denial-of-service, and impersonation attacks. However, we show that the protocol is vulnerable to impersonation, guessing, and stolen-verifier attacks. We propose improvements to increase the security level of the protocol.

• 出版日期2010-9