ABSTRACT
The use of passwords is a major point of vulnerablility in computer security as passwords are often
easy to guess by automated programs running dictionary attacks. Several attempts have been made by
researchers in order to counter online dictionary attack but with one drawback or the other, for example
storing passwords in plain text, denial of service and so on. This paper employs Diffie-Hellman Key
Exchange Scheme to impose more challenges to the attackers with three guesses as against one in the
referenced protocol. Two way hash functions were used to generate two indices which were encrypted
so that the attackers would not be able to compromise with the Server. The new scheme requires a high
computatioal time of 1.743years as against 1.6625years proposed by other researchers for
discouraging online dictionary attacks.
Keywords: authentication, identification, hash functions, online dictionary attacks, disrcete logarithm
theorem.
