Encrypted Key Exchange (EKE) [1, 2] allows two parties sharing a password to exchange authenticated information over an insecure network by using a combination of public and secret key cryptography. EKE promises security against active attacks and dictionary attacks. Other secure protocols have been proposed based on the use of randomized confounders [4, 7]. We use some basic results from number theory to present password guessing attacks on all versions of EKE discussed in the paper [1] and we also offer countermeasures to the attacks. However, for the RSA version of EKE, we show that simple modifications are not enough to rescue the protocol. Attacks are also presented on half encrypted versions of EKE. We also show how randomized confounders cannot protect Direct Authentication Protocol and Secret Public Key Protocol versions of a secure password scheme [4] from attacks. We discuss why these attacks are possible against seemingly secure protocols and what is necessary to make secur...