#opaque #authentication #cryptography #passwords #client-server

no-std opaque-ke

An implementation of the OPAQUE password-authenticated key exchange protocol

23 releases (6 stable)

3.0.0 Oct 10, 2024
3.0.0-pre.4 Jul 25, 2023
3.0.0-pre.2 Mar 15, 2023
2.1.0-pre.1 Oct 10, 2024
0.1.0 Jun 5, 2020

#9 in No standard library

Download history 1954/week @ 2024-08-04 1271/week @ 2024-08-11 1712/week @ 2024-08-18 1552/week @ 2024-08-25 1208/week @ 2024-09-01 1775/week @ 2024-09-08 1862/week @ 2024-09-15 2009/week @ 2024-09-22 2187/week @ 2024-09-29 1640/week @ 2024-10-06 1490/week @ 2024-10-13 1078/week @ 2024-10-20 1460/week @ 2024-10-27 1060/week @ 2024-11-03 1054/week @ 2024-11-10 1224/week @ 2024-11-17

4,820 downloads per month
Used in 7 crates (6 directly)

Apache-2.0 OR MIT

510KB
8K SLoC

The OPAQUE key exchange protocol Build Status

OPAQUE is an augmented password-authenticated key exchange protocol. It allows a client to authenticate to a server using a password, without ever having to expose the plaintext password to the server.

This implementation is based on the Internet Draft for OPAQUE.

Background

Augmented Password Authenticated Key Exchange (aPAKE) protocols are designed to provide password authentication and mutually authenticated key exchange without relying on PKI (except during user/password registration) and without disclosing passwords to servers or other entities other than the client machine.

OPAQUE is a PKI-free aPAKE that is secure against pre-computation attacks and capable of using a secret salt.

Documentation

The API can be found here along with an example for usage. More examples can be found in the examples directory.

Installation

Add the following line to the dependencies of your Cargo.toml:

opaque-ke = "3"

Minimum Supported Rust Version

Rust 1.74 or higher.

Audit

This library was audited by NCC Group in June of 2021. The audit was sponsored by WhatsApp for its use in enabling end-to-end encrypted backups.

The audit found issues in release v0.5.0, and the fixes were subsequently incorporated into release v1.2.0. See the full audit report here.

Resources

Contributors

The authors of this code are Kevin Lewi (@kevinlewi) and François Garillot (@huitseeker). To learn more about contributing to this project, see this document.

Acknowledgments

Special thanks go to Hugo Krawczyk and Chris Wood for helping to clarify discrepancies and making suggestions for improving this implementation. Additional credit goes to @daxpedda for adding no_std support, p256 support, and making other general improvements to the library.

License

This project is dual-licensed under either the MIT license or the Apache License, Version 2.0. You may select, at your option, one of the above-listed licenses.

Dependencies

~3–5MB
~100K SLoC