opaque-borink
| Crates.io | opaque-borink |
| lib.rs | opaque-borink |
| version | |
| source | src |
| created_at | 2024-06-13 15:00:14.386114 |
| updated_at | 2025-01-07 10:54:59.313016 |
| description | Simple configuration of OPAQUE, a passowrd-authenticated key exchange protocol. |
| homepage | |
| repository | https://github.com/tiptenbrink/opaque-borink/tree/main/opaque-borink |
| max_upload_size | |
| id | 1270731 |
| Cargo.toml error: | TOML parse error at line 18, column 1 | 18 | autolib = false | ^^^^^^^ unknown field `autolib`, expected one of `name`, `version`, `edition`, `authors`, `description`, `readme`, `license`, `repository`, `homepage`, `documentation`, `build`, `resolver`, `links`, `default-run`, `default_dash_run`, `rust-version`, `rust_dash_version`, `rust_version`, `license-file`, `license_dash_file`, `license_file`, `licenseFile`, `license_capital_file`, `forced-target`, `forced_dash_target`, `autobins`, `autotests`, `autoexamples`, `autobenches`, `publish`, `metadata`, `keywords`, `categories`, `exclude`, `include` |
| size | 0 |
Tip ten Brink (tiptenbrink)
documentation
README
A simple instantiation/configuration of the opaque-ke OPAQUE implementation.
OPAQUE (see the Internet-Draft) is an upcoming standard for password authentication. It is more secure than a traditional simple salt and password hash scheme.
It enables a workflow where the server never learns the user password, yet the server does not need to provide the salt to anyone who asks, providing security against pre-computation attacks.
It uses a basic CipherSuite configured as follows:
- Ristretto255 as the OprfCs, i.e. the
voprfCipherSuite, which means usingcurve25519_dalekas the Ristretto implementation andsha2's Sha512 as the hash implementation - Ristretto255 as the key exchange group (KeGroup), again implemented using
curve25519_dalek - opaque-ke's own TripleDH as KeyExchange
- argon2 default Argon2 as the key stretching function (Ksf)
It exposes four functions on both the server and client: login finish/start and register finish/start; as well as a key generation function. It also exposes a number of constants for the sizes of various structs.
It is optimized for the usecase in which the server is stateless, but the client stateful.
opaque-borink is useful as a stand-alone library, but also serves as the core library for opaquepy and @tiptenbrink/opaquewasm, bindings for Python and WebAssembly, respectively.
Changelog
v0.4.1
- Adds support for building on newer Rust, backports Argon v0.4.1 support to the fixed version, should still work as before
v0.5.0
- BREAKING: Update OPAQUE to v3, which is a new protocol version and thus previous registrations are no longer valid
- BREAKING: Update Argon2 to v0.5, which uses different default parameters, also causing registrations to become invalid
- It is therefore recommended to reregister and reauthenticate all new users
v0.6.0
- BREAKING: The entire API has been reengineered to be somewhat more flexible and no longer only have base64url input/output