[Cryptography] zero knowledge password proof.
jamesd at echeque.com
jamesd at echeque.com
Sun Sep 9 05:26:56 EDT 2018
Case of interest is that the server is identified by knowledge of the
private key corresponding to the server public key *and* knowledge of a
secret derived from password in a one way process, (one way short of
brute force search). The client is identified by knowledge of the
password.
They prove this knowledge to each other by generating a shared secret,
without revealing this information to each other, without any
possibility of revealing this information if phished to login to the
wrong server.
I find the RFC and the patents less than clear. I understand the
principles, and can easily whip up an algorithm, but need to be able to
say "this is the official XYZ algorithm as documented at ABC by the well
known cryptography expert so and so"
So, can someone point me to an intelligible algorithm description by a
cryptography expert. Or better still, code that I can lift wholesale?
More information about the cryptography
mailing list