Lib.rs

A simple configuration of the opaque-ke OPAQUE implementation, using a base64url-encoded format to serialize and deserialize the Rust structs.

OPAQUE (see the Internet-Draft) is an upcoming standard for password authentication. It is more secure than a traditional simple salt and password hash scheme.

It enables a workflow where the server never learns the user password, yet the server does not need to provide the salt to anyone who asks, providing security against pre-computation attacks.

It uses a basic CipherSuite configured as follows:

• curve25519_dalek Ristretto group as Group
• opaque-ke's own TripleDH as KeyExchange
• sha2 Sha512 as Hash
• argon2 default Argon2 as SlowHash

It exposes four functions on both the server and client: login finish/start and register finish/start; as well as a key generation function.

opaque-borink is useful as a stand-alone library, but also serves as the core library for opaquepy and @tiptenbrink/opaquewasm, bindings for Python and WebAssembly, respectively.