PAKEs icon indicating copy to clipboard operation
PAKEs copied to clipboard
verified publisher icon RustCrypto

Use `kdf` traits for PBKDFs

Open tarcieri opened this issue 1 month ago • 1 comments

Right now spake2 and srp suggest they should be used in conjunction with PBKDFs, but do not make it easy to do so or provide ready-made recipes for using them in conjunction with a PBKDF.

aucpace uses the password-hash crate to achieve this, then extracts the output from the computed password hash.

Instead, all of our PAKE implementations could use forthcoming traits from the kdf crate to abstract over PBKDF algorithms (i.e. that we have implemented in the https://github.com/RustCrypto/password-hashes repo)

See: https://github.com/RustCrypto/traits/pull/1879

tarcieri avatar Jan 14 '26 16:01 tarcieri