Cryptanalysis of a remote password authentication scheme

A remote password authentication scheme based on the ElGamali digital signa ture scheme has been recently proposed by Hwang. Hwang's scheme does not re quire the system to maintain password files or verification tables to valid ate the legitimacy of the login user Moreover, the scheme can withstand att acks based on message replaying. In this paper, we show that Hwang's scheme is breakable. A legitimate user can impersonate other legal users and pass the system authentication.