RFC 5683

Password-Authenticated Key (PAK) Diffie-Hellman Exchange, February 2010

File formats:
icon for text file icon for PDF icon for HTML icon for inline errata
A. Brusilovsky
I. Faynberg
Z. Zeltsan
S. Patel

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC5683

Discuss this RFC: Send questions or comments to the mailing list rfc-ise@rfc-editor.org

Other actions: View Errata  |  Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 5683


This document proposes to add mutual authentication, based on a human-memorizable password, to the basic, unauthenticated Diffie-Hellman key exchange. The proposed algorithm is called the Password-Authenticated Key (PAK) exchange. PAK allows two parties to authenticate themselves while performing the Diffie-Hellman exchange.

The protocol is secure against all passive and active attacks. In particular, it does not allow either type of attacker to obtain any information that would enable an offline dictionary attack on the password. PAK provides Forward Secrecy. This document is not an Internet Standards Track specification; it is published for informational purposes.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.

Advanced Search