github.com/bytemare/opaque

OPAQUE

  import "github.com/bytemare/opaque"

This package implements OPAQUE, an asymmetric password-authenticated key exchange protocol that is secure against pre-computation attacks. It enables a client to authenticate to a server without ever revealing its password to the server.

This implementation is developed by one of the authors of the RFC Internet Draft. The main branch is in sync with the latest developments of the draft, and the releases correspond to the official draft versions.

What is OPAQUE?

OPAQUE is a PKI-free secure aPAKE that is secure against pre-computation attacks. OPAQUE provides forward secrecy with respect to password leakage while also hiding the password from the server, even during password registration. OPAQUE allows applications to increase the difficulty of offline dictionary attacks via iterated hashing or other key stretching schemes. OPAQUE is also extensible, allowing clients to safely store and retrieve arbitrary application data on servers using only their password.

References

• The original paper from Jarecki, Krawczyk, and Xu.
• OPAQUE is used in WhatsApp to enable end-to-end encrypted backups.
• The GitHub repo where the draft is being specified.

Documentation

You can find the documentation and usage examples in the package doc and the project wiki .

Versioning

SemVer is used for versioning. For the versions available, see the tags on the repository.

Minor v0.x versions match the corresponding CFRG draft version, the master branch implements the latest changes of the draft development.

Contributing

Please read CONTRIBUTING.md for details on the code of conduct, and the process for submitting pull requests.

License

This project is licensed under the MIT License - see the LICENSE file for details.