Abstract or Summary:
A conventional password authentication scheme requires password files or verification tables which cannot withstand an attack of replaying previously intercepted passwords by an intruder. In this paper, we propose a new password authentication scheme which is based on ElGamal's signature scheme. This scheme is suitable for applications which make use of passwords that are sent from remote locations. Our scheme can verify remote passwords using neither password files nor verification tables.

Our password authentication scheme has three phases: (1) the computer system issues a smart card and a password according to the ID submitted by the registering user; (2) the login procedure is invoked; and (3) the password authentication procedure is invoked. We have also analyzed the security of this newly proposed remote password authentication scheme.