Lib.rs

Authentication
#opaque #passwords #serialization #server-client

opaquebind

Simple configuration of OPAQUE, a passowrd-authenticated key exchange protocol

by Tip ten Brink

3 unstable releases

new 0.3.6 Jun 13, 2024
0.2.1 Jan 15, 2022
0.2.0 Jan 13, 2022

#353 in Authentication

Download history 11/week @ 2024-02-22 7/week @ 2024-02-29 23/week @ 2024-03-28 13/week @ 2024-04-04

123 downloads per month

Apache-2.0 OR MIT

22KB
323 lines

This crate was originally named opaquebind, but has been renamed to opaque-borink. The last version named opaquebind can be found found here.

A simple configuration of the opaque-ke OPAQUE implementation, using a base64url-encoded format to serialize and deserialize the Rust structs.

OPAQUE (see the Internet-Draft) is an upcoming standard for password authentication. It is more secure than a traditional simple salt and password hash scheme.

It uses a basic CipherSuite configured as follows:

  • curve25519_dalek Ristretto group as Group
  • opaque-ke's own TripleDH as KeyExchange
  • sha2 Sha512 as Hash
  • argon2 default Argon2 as SlowHash

It exposes four functions on both the server and client: login finish/start and register finish/start; as well as a key generation function.

opaquebind serves as the core library for opaquepy and @tiptenbrink/opaquewasm, bindings for Python and WebAssembly, respectively.

Dependencies

~4.5MB
~94K SLoC