Link to this headingOPAQUE
- Password-Authenticated Key Exchange Protocol (PAKE)
- Authenticates the user with a password or hash
https://eprint.iacr.org/2018/163.pdf
https://github.com/lowbee2019/OPAQUE/blob/master/OPAQUE.py
Link to this headingoblivious PRF
- Keeps the salt from being sent to the user
- Keeps the password from being sent to the server
- If password is bad wrong salt2 is generated
The server stores "salt", and the client has the password.
salt2 = PRF(salt, password) // This is calculated between the
// client and server, using an oblivious
// protocol where the client never learns
// salt, and the server never learns
// the password. The client obtains salt2
K = PasswordHash(salt2, password) // This is done on the client