PAKEs
Password-Authenticated Key Agreement protocols
srp: avoid unnecessary copies in `process_reply`. [`from_bytes_be`] and [`to_bytes_be`] were unnecessarily used multiple times. [`from_bytes_be`]: https://docs.rs/num-bigint/latest/num_bigint/struct.BigUint.html#method.from_bytes_be [`to_bytes_be`]: https://docs.rs/num-bigint/latest/num_bigint/struct.BigUint.html#method.to_bytes_be
srp: compute `K = H(S)` correctly. According to [the specification] section _The SRP protocol_, `K` (which corresponds to the session key) is computed as follows: ``` K = H(S) ```...
I see SPAKE2+ mentioned in the cargo docs of the SPAKE crate. But it's not implemented yet, is it? It would be cool to have it.
Bumps [num-traits](https://github.com/rust-num/num-traits) from 0.2.17 to 0.2.18. Changelog Sourced from num-traits's changelog. Release 0.2.18 (2024-02-07) The new Euclid::div_rem_euclid and CheckedEuclid::checked_div_rem_euclid methods compute and return the quotient and remainder at the same...
As far as I can tell from the code, what is defined as: > ``` > key = compute_premaster_secret(...) > ``` does not include the given hash invocation step. While...
Added an option to use the implementation in the spec. Also added an option to omit username when calculating X. It's a draft implementation to start conversation on it. Please...
Hello. I was using your library in my code for a couple of years. I just updated it, and saw that `M1` calculation has changed. I see this comment where...
List of "would be nice to have" protocols: - [x] [AuCPace](https://eprint.iacr.org/2018/286) (#115) - [ ] [Dragonfly](https://www.rfc-editor.org/rfc/rfc7664) (see also: [Dragonblood attack](https://wpa3.mathyvanhoef.com/)) - [ ] [CHIP](https://eprint.iacr.org/2020/529.pdf) - [ ] [CRISP](https://eprint.iacr.org/2020/529.pdf) - [...
This is the continuation of #27 #28 and #29 from @brndnmtthws. All changes have been rebased on `master`.
Hi, I noticed that the spake2 crate uses HKDF instead of a memory-hard hash function when converting the password to a scalar: https://github.com/RustCrypto/PAKEs/blob/04ca077f2706fbd4bb5ed903a22bdcd2f20b2b0a/spake2/src/lib.rs#L473 [According to the draft specification](https://tools.ietf.org/html/draft-irtf-cfrg-spake2-09#section-3.1), as well...