opaque-borink
| Crates.io | opaque-borink |
| lib.rs | opaque-borink |
| version | 0.4.0 |
| source | src |
| created_at | 2024-06-13 15:00:14.386114 |
| updated_at | 2024-06-14 10:50:43.752015 |
| description | Simple configuration of OPAQUE, a passowrd-authenticated key exchange protocol. |
| homepage | |
| repository | https://github.com/tiptenbrink/opaque-borink/tree/main/opaque-borink |
| max_upload_size | |
| id | 1270731 |
| size | 20,999 |
Tip ten Brink (tiptenbrink)
documentation
README
A simple configuration of the opaque-ke OPAQUE implementation, using a base64url-encoded format to serialize and deserialize the Rust structs.
OPAQUE (see the Internet-Draft) is an upcoming standard for password authentication. It is more secure than a traditional simple salt and password hash scheme.
It enables a workflow where the server never learns the user password, yet the server does not need to provide the salt to anyone who asks, providing security against pre-computation attacks.
It uses a basic CipherSuite configured as follows:
- curve25519_dalek Ristretto group as Group
- opaque-ke's own TripleDH as KeyExchange
- sha2 Sha512 as Hash
- argon2 default Argon2 as SlowHash
It exposes four functions on both the server and client: login finish/start and register finish/start; as well as a key generation function.
opaque-borink is useful as a stand-alone library, but also serves as the core library for opaquepy and @tiptenbrink/opaquewasm, bindings for Python and WebAssembly, respectively.