This repository has been archived by the owner on May 1, 2024. It is now read-only.

Use a PAKE algorithm for login, to avoid passing passphrase to server in cleartext #35

Open
zenmonkeykstop opened this issue Nov 29, 2021 · 1 comment

Comments

zenmonkeykstop (Contributor) commented Nov 29, 2021

Moving to something like SRP or OPAQUE (https://en.wikipedia.org/wiki/Password-authenticated_key_agreement#Augmented_PAKE) for source logins would reduce the level of trust required in the server, while making it practical to store stuff like source key bundles encrypted and inaccessible server-side. This is currently difficult to do in SD Classic because it requires client-side code, which isn't an issue here.

zenmonkeykstop (Contributor, Author) commented

One potential (audited) candidate: https://github.com/novifinancial/opaque-ke
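Added worked example, not part of the issue thread and not SecureDrop's or opaque-ke's code: a complete SRP-6a exchange in pure Python over the RFC 5054 1024-bit group with SHA-256, showing what the proposal above buys. The server stores only a salt and a verifier v = g^x mod N, the passphrase never leaves the client, and both sides finish holding the same fresh session key K after proving it to each other. The names Server, Client, register, login and the helper functions are this example's own; the 1024-bit group is used only to keep the run fast, and a deployment would pick one of the larger RFC 5054 groups.

```python
import hashlib
import os

# Group from RFC 5054 Appendix A (1024-bit, hex as printed there); generator g = 2.
N = int("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
        "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
        "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
        "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g, N_BYTES = 2, (N.bit_length() + 7) // 8

def H(*parts: bytes) -> int:  # SHA-256 of the concatenated parts, as a big-endian int
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

def pad(n: int) -> bytes:  # left-pad to len(N) bytes: the PAD() of RFC 5054
    return n.to_bytes(N_BYTES, "big")

k = H(pad(N), pad(g))  # SRP-6a multiplier (SRP-6 used the constant 3)

def is_probable_prime(n: int, rounds: int = 8) -> bool:  # Miller-Rabin, n > 3
    r = ((n - 1) & (1 - n)).bit_length() - 1  # trailing zero bits of n - 1
    d = (n - 1) >> r
    for _ in range(rounds):
        x = pow(2 + int.from_bytes(os.urandom(N_BYTES), "big") % (n - 3), d, n)
        if x == 1:
            continue
        for _ in range(r):
            if x == n - 1:
                break
            x = x * x % n
        else:
            return False
    return True

def group_is_safe_prime() -> bool:  # SRP's security argument needs N = 2q + 1, q prime
    return is_probable_prime(N) and is_probable_prime((N - 1) // 2)

def private_key_x(username: str, passphrase: str, salt: bytes) -> int:
    """x = H(s | H(I ":" P)); only ever computed on the client."""
    return H(salt, hashlib.sha256(f"{username}:{passphrase}".encode()).digest())

def register(username: str, passphrase: str) -> dict:
    """Enrolment runs on the client; the server stores s and v = g^x, never P or x."""
    salt = os.urandom(16)
    return {"username": username, "salt": salt,
            "verifier": pow(g, private_key_x(username, passphrase, salt), N)}

def client_proof(username: str, salt: bytes, A: int, B: int, K: bytes) -> int:
    """M1 = H(H(N) xor H(g) | H(I) | s | A | B | K), as in RFC 2945."""
    hn_xor_hg = (H(pad(N)) ^ H(pad(g))).to_bytes(32, "big")
    return H(hn_xor_hg, hashlib.sha256(username.encode()).digest(), salt, pad(A), pad(B), K)

class Server:
    def __init__(self, records: dict):
        self.records = records  # username -> {"salt": ..., "verifier": ...}

    def start(self, username: str, A: int) -> tuple:
        """Msg 2: on (I, A) reply (s, B). A == 0 mod N would make S trivial, so reject it."""
        if A % N == 0:
            raise ValueError("invalid client public value")
        rec = self.records[username]
        self.username, self.salt, self.v, self.A = username, rec["salt"], rec["verifier"], A
        self.b = int.from_bytes(os.urandom(32), "big")
        self.B = (k * self.v + pow(g, self.b, N)) % N
        return self.salt, self.B

    def finish(self, M1: int) -> int:
        """Msg 4: S = (A * v^u)^b; check the client's proof, then prove K back."""
        u = H(pad(self.A), pad(self.B))
        self.K = hashlib.sha256(pad(pow(self.A * pow(self.v, u, N), self.b, N))).digest()
        if M1 != client_proof(self.username, self.salt, self.A, self.B, self.K):
            raise ValueError("client authentication failed")
        return H(pad(self.A), M1.to_bytes(32, "big"), self.K)

class Client:
    def __init__(self, username: str, passphrase: str):
        self.username, self.passphrase = username, passphrase

    def start(self) -> tuple:
        """Msg 1: (I, A) with A = g^a; nothing derived from the passphrase is sent."""
        self.a = int.from_bytes(os.urandom(32), "big")
        self.A = pow(g, self.a, N)
        return self.username, self.A

    def respond(self, salt: bytes, B: int) -> int:
        """Msg 3: S = (B - k g^x)^(a + u x), then the proof M1."""
        u = H(pad(self.A), pad(B))
        if B % N == 0 or u == 0:  # RFC 5054 section 2.5.4 abort conditions
            raise ValueError("invalid server public value")
        x = private_key_x(self.username, self.passphrase, salt)
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)
        self.K, self.B = hashlib.sha256(pad(S)).digest(), B
        self.M1 = client_proof(self.username, salt, self.A, B, self.K)
        return self.M1

    def verify(self, M2: int) -> bool:  # accept the server only if it holds the same K
        return M2 == H(pad(self.A), self.M1.to_bytes(32, "big"), self.K)

def login(server: Server, client: Client) -> bool:
    username, A = client.start()
    salt, B = server.start(username, A)
    return client.verify(server.finish(client.respond(salt, B)))
```

SRP is shown because it fits in a page of code; OPAQUE, which the second comment points to, additionally avoids handing the salt to unauthenticated clients and so resists precomputation attacks, which is why it is the stronger choice for a new design. Note that K is a per-session key for protecting whatever follows the login; a persistent key for wrapping a source key bundle before uploading it would be derived client-side from the passphrase with a separate KDF, so that the server only ever holds ciphertext.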
