[Cryptography] zero knowledge password proof.

jamesd at echeque.com
Sun Sep 9 05:26:56 EDT 2018


The case of interest is that the server is identified by knowledge of the 
private key corresponding to the server public key *and* knowledge of a 
secret derived from the password in a one-way process (one-way short of 
brute force search).  The client is identified by knowledge of the 
password.

They prove this knowledge to each other by generating a shared secret, 
without revealing this information to each other, without any 
possibility of revealing this information if phished to login to the 
wrong server.

I find the RFC and the patents less than clear.  I understand the 
principles, and can easily whip up an algorithm, but need to be able to 
say "this is the official XYZ algorithm as documented at ABC by the well 
known cryptography expert so and so".

So, can someone point me to an intelligible algorithm description by a 
cryptography expert?  Or better still, code that I can lift wholesale?
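
An added example (not from the original post, and not the algorithm of any particular RFC or patent the poster has in mind): a minimal sketch of an augmented password-authenticated key exchange in the style of SRP-6a, where the server holds only a one-way verifier derived from the password and the two session keys match only if the password and verifier correspond. The choice of SRP-6a, PBKDF2 for the one-way step, and the names register, login and derive_x are assumptions; the server public-key authentication mentioned in the post is not modelled.

```python
import hashlib
import secrets

# 1024-bit safe-prime group (N, g) from RFC 5054 Appendix A; kept small for
# readability, the same appendix lists larger groups for deployment.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
    16)
g = 2
PAD = (N.bit_length() + 7) // 8

def H(*ints):
    """SHA-256 over fixed-width big-endian integers, returned as an integer."""
    h = hashlib.sha256()
    for i in ints:
        h.update(i.to_bytes(PAD, "big"))
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def derive_x(salt, user, password):
    # One-way step. Assumption: PBKDF2 as a slow hash; SRP-6a itself uses a plain hash.
    dk = hashlib.pbkdf2_hmac("sha256", user + b":" + password, salt, 100_000)
    return int.from_bytes(dk, "big")

def register(user, password):
    """Server-side record: salt and verifier v = g^x. The password is not stored."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, derive_x(salt, user, password), N)

def login(user, typed_password, record):
    """Run both sides of one handshake in-process; returns (client_key, server_key)."""
    salt, v = record
    a = secrets.randbelow(N - 2) + 1          # client ephemeral secret
    A = pow(g, a, N)                          # client -> server
    b = secrets.randbelow(N - 2) + 1          # server ephemeral secret
    B = (k * v + pow(g, b, N)) % N            # server -> client, with salt
    if A % N == 0 or B % N == 0:              # each side rejects a degenerate value
        raise ValueError("degenerate public value")
    u = H(A, B)
    x = derive_x(salt, user, typed_password)  # client recomputes x from what was typed
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    S_server = pow(A * pow(v, u, N) % N, b, N)
    return H(S_client), H(S_server)
```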

