Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for the SRP-6/6a PAKE protocol #179

Open
athoelke opened this issue Mar 5, 2024 · 2 comments
Open

Add support for the SRP-6/6a PAKE protocol #179

athoelke opened this issue Mar 5, 2024 · 2 comments
Labels
Crypto API Issue or PR related to the Cryptography API enhancement New feature or request

Comments

@athoelke
Copy link
Contributor

athoelke commented Mar 5, 2024

SRP-6 is the currently most widely deployed augmented PAKE algorithm, based on a key exchange based on finite-field Diffie-Hellmann arithmetic.

An early version is defined in RFC 2945, the SRP-6 definition adds protection against additional attacks, and RFC 5054 defines how SRP-6 can be used with TLS.

However, there is no single definitive reference for SRP-6, and differences exist in both the construction of the key confirmation messages, and the processing of the raw DH output value into a shared secret. For inclusion into the Crypto API, a precise definition of the algorithm (or algorithms) will need to be provided.

@athoelke athoelke added enhancement New feature or request Crypto API Issue or PR related to the Cryptography API labels Mar 5, 2024
@athoelke athoelke added this to the Crypto API 1.x milestone Mar 5, 2024
@athoelke
Copy link
Contributor Author

athoelke commented Mar 5, 2024

An initial proposal for the API elements has been proposed in #178

@stevew817
Copy link

Adding an upvote for SRP-6(a) as in use by the Homekit Accessory Protocol. An example implementation under Apache 2.0 exists e.g. here (Python) or here (Ruby).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Crypto API Issue or PR related to the Cryptography API enhancement New feature or request
Projects
Development

No branches or pull requests

2 participants