The opaque-store software manages a simple OPAQUE-based online store of small
blobs.
.
The OPAQUE protocol is described in the IRTF Crypto Forum Research Group draft
(https://github.com/cfrg/draft-irtf-cfrg-opaque). The OPAQUE protocol combines
an Oblivious Pseudo-Random Function (OPRF) and an Authenticated Key-Exchange
(AKE) into a protocol where a user holding nothing but a password and a server
holding some information protected by the password can establish a shared
secret. The protocol describes an augmented (or asymmetric)
password-authenticated key exchange (aPAKE) that supports mutual authentication
in a client-server setting without reliance on PKI and with security against
pre-computation attacks upon server compromise. In addition, the protocol
provides forward secrecy and the ability to hide the password from the server,
even during password registration.
.
OPAQUE-Store goes beyond the original OPAQUE protocol as specified by the
IRTF/CFRG and also supports a threshold variant of OPAQUE. In a threshold setup
you have a number N of servers that all hold a share of your secret and at
least a threshold number T of these need to cooperate to recover the secret.
This provides extra robustness and dilution of responsibility (losing a server
is not the end of the world!) while at the same time increasing security, as an
attacker now has to compromise at least T servers to get access to some
information.
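The T-of-N property described above, as an added sketch that is not opaque-store's own code: a toy threshold OPRF in which the OPRF key is Shamir-shared across the servers and the client combines their replies. The tiny group, the Shamir construction and all function names are assumptions made for illustration.

```python
import hashlib, secrets

# Toy Schnorr group, assumed for this demo only: P = 2Q + 1 with P, Q prime.
P, Q = 2039, 1019

def hash_to_group(pw: bytes) -> int:
    x = 2 + int.from_bytes(hashlib.sha256(pw).digest(), "big") % (P - 3)
    return pow(x, 2, P)  # squaring maps into the order-Q subgroup, never 0 or 1

def share_key(k, t, n, extra=None):
    """Shamir-share key k over Z_Q: f(0) = k, degree t-1, server i holds f(i)."""
    coeffs = [k] + (extra or [secrets.randbelow(Q) for _ in range(t - 1)])
    return {i: sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def lagrange_at_zero(i, ids):
    """Coefficient that weights share i when interpolating f(0) from ids."""
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * -j % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def server_eval(share: int, blinded: int) -> int:
    return pow(blinded, share, P)  # server sees only a blinded group element

def finalize(pw: bytes, element: int) -> bytes:
    return hashlib.sha256(pw + element.to_bytes(2, "big")).digest()

def reference_oprf(pw: bytes, k: int) -> bytes:
    """What a single server holding the whole key k would produce."""
    return finalize(pw, pow(hash_to_group(pw), k, P))

def threshold_oprf(pw: bytes, servers: dict) -> bytes:
    """Client side: blind, query the given servers, combine, unblind."""
    r = 1 + secrets.randbelow(Q - 1)
    blinded = pow(hash_to_group(pw), r, P)
    combined = 1
    for i, share in servers.items():
        reply = server_eval(share, blinded)
        combined = combined * pow(reply, lagrange_at_zero(i, servers), P) % P
    return finalize(pw, pow(combined, pow(r, -1, Q), P))

if __name__ == "__main__":
    shares = share_key(k=123, t=3, n=5, extra=[45, 67])  # constructed values
    pick = lambda ids: {i: shares[i] for i in ids}
    print(threshold_oprf(b"hunter2", pick([1, 3, 5])) == reference_oprf(b"hunter2", 123))
    print(threshold_oprf(b"hunter2", pick([2, 4])) == reference_oprf(b"hunter2", 123))
```

Any T servers reproduce the single-key output, while fewer than T interpolate a different exponent and derive an unrelated value.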
Installed Size: 58.4 kB
Architectures: all