Hi Everyone, A PAKE is a password authenticated key exchange. They are very nice schemes because they provide channel binding, which is an important security property. Channel setup is tied to authenticating both the client and the server (or initiator and responder); and channel setup fails if both parties don't prove knowledge of the same secret.
PAKEs usually avoid dumb things, like putting the password on the wire in plain text like web browsers. This ensures the client and/or server do not disclose the secret to an attacker. An example of a PAKE is Thomas Wu's Secure Remote Password (SRP). We have not been able to add SRP because we don't have the framework in place. Wei started cutting in the interfaces for password authenticated key agreements, but the work was never finished. See http://github.com/weidai11/cryptopp/blob/master/cryptlib.h#L2813. I'd like to start moving that work forward. If you have some time, uncomment the code and implement your favorite PAKE, and report back on the pain points. Jeff -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
