matrix-org
[WIP] MSC3262 aPAKE authentication
This MSC is more or less competing with MSC2957 and MSC3265.
Comments and thoughts very welcome.
I am specifically on the fence about advocating for SRP or OPAQUE.
Signed-off-by: Mathijs van Gorcum [email protected]
For my $0.02, I think this proposal represents the best immediate path forward for a more secure login mechanism in Matrix. SCRAM has some unfortunate weaknesses, and while @uhoreg's MSC2957 looks great, it has not yet undergone the same level of scrutiny that SRP has. My proposal in MSC3265 is a short-term hack, and only really improves the protection of the SSSS password; MSC3265 was intended to be more informative than prescriptive.
At @uhoreg's suggestion, I made a quick survey of available SRP libraries that Matrix implementations might use to implement this MSC.
- Python srp
- Python srptools
- JavaScript mozilla/node-srp
- Go 1Password/srp
- The README says that this code is not compatible with RFC 2945 or RFC 5054 due to differences in hashing and padding. Not sure what the practical impact would be for an implementation that's not aiming to implement those RFC's exactly.
- Swift Bouke/SRP
- Note: The author says that the Python
srppackage is not compatible with this code, as it doesn't calculatekcorrectly. But he says that the Pythonsrptoolspackage is compatible.
- Note: The author says that the Python
- C/C++ OpenSSL but it's deprecated
- Rust srp
- Note: This implementation also allows for plugging in different password hashing functions (eg PBKDF2 or bcrypt) to make brute force attacks more difficult. This is a very good idea, and should probably be codified in the MSC itself.