Crates.io | aucpace |
lib.rs | aucpace |
version | 0.1.1 |
source | src |
created_at | 2022-10-11 00:33:46.429952 |
updated_at | 2023-07-28 00:05:23.059567 |
description | AuCPace protocol implementation |
homepage | https://github.com/RustCrypto/PAKEs |
repository | https://github.com/RustCrypto/PAKEs/tree/master/aucpace |
max_upload_size | |
id | 684956 |
size | 219,853 |
Pure Rust implementation of the AuCPace password-authenticated key-exchange algorithm.
This library is an implementation of the AuCPace (Augmented Composable Password Authenticated Connection Establishment) protocol. AuCPace is an efficient verifier-based PAKE protocol designed for Industrial IOT applications. It allows two parties, who share a weak password, to safely derive a strong shared secret (and therefore build an encrypted+authenticated channel).
A passive attacker who eavesdrops on the connection learns no information about the password or the generated secret. An active attacker (machine-in-the-middle) gets exactly one guess at the password, and unless they get it right, they learn no information about the password or the generated secret. Each execution of the protocol enables one guess. The use of a weak password is made safer by the rate-limiting of guesses: no offline dictionary attack is available to the network-level attacker.
The protocol requires a previous "registration" of a user over a secure channel. Without this it is unsafe to perform a registration.
The ClientMessage
and ServerMessage
structs compromise all the data that is sent in messages between the
client and the server. Optionally the serde
feature can be enabled to allow serde to serialise and deserialise
these messages.
Currently this implementation uses the "Ristretto255" group, though this is subject to change.
AuCPace is designed for Industrial IOT settings, specifically where you have many low-power servers and a single client which is assumed to be more powerful. This protocol is specifically designed for situations with limited Public Key Infrastructure (PKI), where using a V-PAKE protocol provides a significant security improvement by preventing phishing and offline dictionary attacks.
Additionally a variant of the protocol - StrongAuCPace - is also implemented, this provides resistance to pre-computation attacks by blinding sensitive values in transit.
The partially augmented version of the protocol allows for even less computational burden on the server by utilising a long term key-pair for each user on the server, instead of generating a fresh one each time.
This crate has never received an independent third party audit for security and correctness.
USE AT YOUR OWN RISK!
Rust 1.60 or higher.
Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.
Licensed under either of:
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.