draft-irtf-cfrg-opaque
The OPAQUE Asymmetric PAKE Protocol (by cfrg)
opaque-ke
An implementation of the OPAQUE password-authenticated key exchange protocol (by facebook)
| draft-irtf-cfrg-opaque | opaque-ke | |
|---|---|---|
| 2 | 1 | |
| 96 | 274 | |
| - | 1.1% | |
| 7.2 | 6.1 | |
| 7 days ago | 2 months ago | |
| Python | Rust | |
| GNU General Public License v3.0 or later | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
draft-irtf-cfrg-opaque
Posts with mentions or reviews of draft-irtf-cfrg-opaque.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-10-14.
-
Encrypt messages for two-participants chat
This can naturally be combined with login authentication using https://cfrg.github.io/draft-irtf-cfrg-opaque/draft-irtf-cfrg-opaque.html which also stores an encrypted blob on the server in a similar fashion, and that avoids ever sending user passwords to server.
-
How did LastPass master passwords get compromised?
When I was doing some research into building an app that encrypted data similar to these cloud password managers, I encountered OPAQUE[1] which seems to be the ideal way to perform authentication and securing a master encryption key. It is an asymmetric PAKE that also has a step for providing a salt. This removes the need to do what LastPass does with treating the first hash as a password. There is a great article from Cloudflare on how it works[2], and a working implementation of the spec in rust[3].
[1]: https://github.com/cfrg/draft-irtf-cfrg-opaque
[2]: https://blog.cloudflare.com/opaque-oblivious-passwords/
[3]: https://github.com/novifinancial/opaque-ke
opaque-ke
Posts with mentions or reviews of opaque-ke.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-12-30.
-
How did LastPass master passwords get compromised?
When I was doing some research into building an app that encrypted data similar to these cloud password managers, I encountered OPAQUE[1] which seems to be the ideal way to perform authentication and securing a master encryption key. It is an asymmetric PAKE that also has a step for providing a salt. This removes the need to do what LastPass does with treating the first hash as a password. There is a great article from Cloudflare on how it works[2], and a working implementation of the spec in rust[3].
[1]: https://github.com/cfrg/draft-irtf-cfrg-opaque
[2]: https://blog.cloudflare.com/opaque-oblivious-passwords/
[3]: https://github.com/novifinancial/opaque-ke
What are some alternatives?
When comparing draft-irtf-cfrg-opaque and opaque-ke you can also consider the following projects:
argon2-browser - Argon2 library compiled for browser runtime
pass-import - A pass extension for importing data from most existing password managers