RFC 9382
SPAKE2, a Password-Authenticated Key Exchange, September 2023
- File formats:
- Also available: XML file for editing
- Status:
- INFORMATIONAL
- Author:
- W. Ladd
- Stream:
- IRTF
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC9382
Discuss this RFC: Send questions or comments to the mailing list cfrg@irtf.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 9382
Abstract
This document describes SPAKE2, which is a protocol for two parties that share a password to derive a strong shared key without disclosing the password. This method is compatible with any group, is computationally efficient, and has a security proof. This document predated the Crypto Forum Research Group (CFRG) password-authenticated key exchange (PAKE) competition, and it was not selected; however, given existing use of variants in Kerberos and other applications, it was felt that publication was beneficial. Applications that need a symmetric PAKE, but are unable to hash onto an elliptic curve at execution time, can use SPAKE2. This document is a product of the Crypto Forum Research Group in the Internet Research Task Force (IRTF).
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.