Department of Mathematics
Royal Holloway University Of London

Technical report: Comments on the security of the SPAPA strong password authentication protocol

Authors: Chris J. Mitchell and Siaw-Lynn Ng

Reference: RHUL-MA-2007-8


The hash function based Strong Password Authentication Protocol
with User Anonymity (SPAPA) was designed to protect users against
monitoring by utilising temporary identities instead of true
identities. In this letter we show that it is vulnerable to
several attacks, including two which allow an adversary to link
the activities of a user.

Download the full report from this page.

Department of Mathematics, Royal Holloway, University of London, Egham, Surrey TW20 0EX
Tel/Fax: +44 (0)1784 443093/430766