So far, many strong-password authentication schemes have been proposed, however, none is secure enough. In 2003, Lin, Shen, and Hwang proposed a strong-password authentication scheme using smart cards, and claimed that their scheme can resist the guessing attack, the replay attack, the impersonation attack, and the stolen-verifier attack. Later, Ku, Tsai, and Chen showed that Lin-Shen-Hwang's scheme suffers from a replay attack and a denial-of-service attack. Herein, we propose a more secure hash-based strong-password authentication scheme without using smart cards.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Steven M. Bellovin , Michael Merritt, Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise, Proceedings of the 1st ACM conference on Computer and communications security, p.244-250, November 03-05, 1993, Fairfax, Virginia, United States  [doi>10.1145/168588.168618]
	2	C. M. Chen and W. C. Ku, "Stolen-verifier attack on two new strong-password authentication protocols," IEICE Transactions on Communications, vol. E85-B, no. 11, pp. 2519--2521, Nov. 2002.
	3	Li Gong, Optimal authentication protocols resistant to password guessing attacks, Proceedings of the The Eighth IEEE Computer Security Foundations Workshop (CSFW '95), p.24, March 13-15, 1995
	4	N. M. Hailer, "The S/KEY (TM) one-time password system," in Proceedings of the Internet Society Symposium on Network and Distributed System Security, pp. 151--158, 1994.
	5	T. Hwang and W. C. Ku, "Reparable key distribution protocols for Internet environments," IEEE Transactions on Communications, vol. 43, no. 5, pp. 1947--1950, May 1995.
	6	David P. Jablon, Strong password-only authenticated key exchange, ACM SIGCOMM Computer Communication Review, v.26 n.5, p.5-26, Oct. 1996  [doi>10.1145/242896.242897]
	7	W. C. Ku, C. M. Chen, and H. L. Lee, "Cryptanalysis of a variant of Peyravian-Zunic's password authentication scheme," IEICE Transactions on Communications, 1682-1684, May 2003.
	8	Wei-Chi Ku , Hao-Chuan Tsai , Shuai-Min Chen, Two simple attacks on Lin-Shen-Hwang's strong-password authentication protocol, ACM SIGOPS Operating Systems Review, v.37 n.4, p.26-31, October 2003  [doi>10.1145/958965.958968]
	9	Leslie Lamport, Password authentication with insecure communication, Communications of the ACM, v.24 n.11, p.770-772, Nov. 1981  [doi>10.1145/358790.358797]
	10	C. L. Lin, H. M. Sun, and T. Hwang, "Attacks and solutions on strong-password authentication," IEICE Transactions on Communications, vol. E84-B, no. 9, pp. 2622--2627, Sept. 2001.
	11	Chih-Wei Lin , Jau-Ji Shen , Min-Shiang Hwang, Security enhancement for Optimal Strong-Password Authentication protocol, ACM SIGOPS Operating Systems Review, v.37 n.2, p.7-12, April 2003  [doi>10.1145/769782.769783]
	12	Chris J. Mitchell , Liqun Chen, Comments on the S/KEY user authentication scheme, ACM SIGOPS Operating Systems Review, v.30 n.4, p.12-16, Oct. 1996  [doi>10.1145/240799.240801]
	13	M. Sandirigama, A. Shimizu, and M. T. Noda, "Simple and secure password authentication protocol (SAS)," IEICE Transactions on Communications, vol. E83-B, no. 6, pp. 1363--1365, June 2000.
	14	A. Shimizu, "A dynamic password authentication method by one-way function," IEICE Transactions, vol. J73-D-I, no. 7, pp. 630--636, July 1990.
	15	A. Shimizu, T. Horioka, and H. Inagaki, "A password authentication methods for contents communication on the Internet," IEICE Transactions on Communications, vol. E81-B, no. 8, pp. 1666--1673, Aug. 1998.
	16	T. Tsuji and A. Shimizu, "An impersonation attack on one-time password authentication protocol OSPA," IEICE Transactions on Communications, vol. E86-B, no. 7, pp. 2182--2185, July 2003.
	17	IEEE P 1363.2 / D 11 (Standard specifications for password-based public-key cryptographic techniques), IEEE P1363 working group, Aug. 2003.