Abstract
In 2001, Tseng, Jan, and Chien proposed an improved version of Peyravian–Zunic's password authentication scheme based on the Diffie–Hellman scheme. Later, Yang, Chang, and Hwang demonstrated that Tseng–Jan–Chien's scheme is vulnerable to a modification attack, and then described an improved scheme. In this paper, we show that Yang–Chang–Hwang's scheme is still vulnerable to a denial‐of‐service attack and a stolen‐verifier attack. In addition, we also propose an improved scheme with better security.