Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implements SPAKE1 not SPAKE2 #1

Closed
wbl opened this issue Jan 8, 2016 · 2 comments
Closed

Implements SPAKE1 not SPAKE2 #1

wbl opened this issue Jan 8, 2016 · 2 comments

Comments

@wbl
Copy link

wbl commented Jan 8, 2016

If you're using my old draft you should know it has a big mistake. SPAKE2 includes the password to be secure in concurrent settings. See http://www.di.ens.fr/~mabdalla/papers/AbPo05a-letter.pdf for details.
@warner
Copy link
Owner

warner commented Jan 13, 2016

I think we're good, the password is included in the transcript (which is then hashed to compute the session key): https://github.com/warner/python-spake2/blob/master/spake2/spake2.py#L157 and https://github.com/warner/python-spake2/blob/master/spake2/spake2.py#L236 . Could you double-check and close this issue if you agree that we're implementing SPAKE2 correctly?

@wbl
Copy link
Author

wbl commented Jan 13, 2016

You are good: I was mislead by the comments.

@wbl wbl closed this as completed Jan 13, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@warner @wbl