Why Do We Still Pass Passwords Over a Network — Meet PAKE
Why Do We Still Pass Passwords Over a Network — Meet PAKE?
Why do we still pass passwords over a network?
Increasingly we use ZKP (Zero-Knowledge Proofs) to prove that the Bob still has knowledge of his password. Another method is PAKE (password-authenticated key exchange) and which supports the hiding of a shared password within network communications. With this we can have a relatively weak shared password on either side, and then communicate to determine a strong shared key:
With SPAKE2, Bob and Alice can derive a strong secret key based on a password that they both know. Eve, who is listening, will not be able to generate the same secret, even though she listens to their communications. If she tries to spoof Bob or Alice, she will only get one change to guess the password before she is locked-out. Thus, Bob and Alice can use a weak password, as Eve only gets one chance to guess. There is also no offline analysis, as the hand-shake must occur on-line. Along with this, there are no derived keys from previous sessions [IETF spec]:
Elliptic curve methods (using Curve 25519) are used to provide security methods that are equivalent to 128-bit AES. Often PAKE is used to do a one-time registration, and then generate a new key which becomes the long-term key. As with SRP, we can use PAKE as a log-in method, but its usage must be carefully analysed for risks.
For SPAKE2, we have two roles: A (Alice) and B (Bob). They use two classes (SPAKE2_A and SPAKE2_B), and then pass messages to each other using these. Each time, Bob and Alice will generate a new key.
Alice take the shared password and converts it into an integer (w). She then picks a random number (x) from 0 to p (a prime number), and which is divisible by h. She then calculates:
X=x ×G and T=w ×M+X
The value of T is sent to Bob. Bob also creates w, and picks a random number (y) from 0 to p (a prime number). He then calculates:
Y=y×G, S=w×N+Y
Bob sends the value of Y to Alice.
Alice calculates K(Alice)=x(S-w×N), and Bob calculates K(Bob)=y(T-w×M). These values are basically:
K(Bob)= x (S-w×N) = x (w×N+Y-w×N)=xY = xyG
K(Alice)= y(T-w×M) = y(w ×M+X-w×N)=yX = xyG
The values of N and M for elliptic curve are:
M =
d048032c6ea0b6d697ddc2e86bda85a33adac920f1bf18e1b0c6d166a5cecdaf
seed: edwards25519 point generation seed (M)
N =
d3bfb518f44f3430f29d0c92af503865a1ed3281dc69b35dd868ba85f886c4ab
seed: edwards25519 point generation seed (N)
The sample Python coding is [Try here]:
from spake2 import SPAKE2_A
from spake2 import SPAKE2_B
import base64
import sys
password="qwerty"
if (len(sys.argv)>1):
password=str(sys.argv[1])
print "Password for Bob and Alice is:",password
alice = SPAKE2_A(password)
bob = SPAKE2_B(password)
alice_out = alice.start()
bob_out = bob.start()
print "\nAlice passes:\t",base64.b64encode(alice_out)
print "Bob passes:\t",base64.b64encode(bob_out)
key1 = alice.finish(bob_out)
key2 = bob.finish(alice_out)
print "\nKey (Alice):\t",base64.b64encode(key1)
print "Key (Bob):\t",base64.b64encode(key2)
A sample run is [Try here]:
Password for Bob and Alice is: hello123
Alice passes: QRXpsrdkAC0xibdqTRLCOOLbvsO7jgvwsju6t9ZF/rsg
Bob passes: QpVNlqLPQXAvWZSHgxOce86Vzryq1mH+8w6cs9ty8yzj
Key (Alice): 7gbyqgfa5q+R513od++myShq/tC9C7NP+FEf34s8xP4=
Key (Bob): 7gbyqgfa5q+R513od++myShq/tC9C7NP+FEf34s8xP4=
The default is elliptic curve security, but we can use three integer-group parameter sets of Params1024, Params2048 and Params3072 and which gives 80-bit, 112-bit, and 128-bit security levels, respectively.
Conclusions
What a crazy world we live in, and where we give away our password every time we log onto a system. The SPAKE2 system supports the generation of a secret key, where both sides know the shared password.