PAKE (Password-Authenticated Key Exchange).

A class of cryptographic protocols (SRP, OPAQUE, SPAKE2, CPace) that let two parties derive a strong shared key from a low-entropy password without exposing the password to offline brute-force or to passive eavesdroppers. Es gehört zur Kategorie Kryptografie der Cybersicherheit.

A class of cryptographic protocols (SRP, OPAQUE, SPAKE2, CPace) that let two parties derive a strong shared key from a low-entropy password without exposing the password to offline brute-force or to passive eavesdroppers.

Password-Authenticated Key Exchange (PAKE) protocols solve a long-standing problem: how to let a user prove possession of a password to a server, and derive an authenticated session key, without ever sending the password (or anything offline-brute-forceable from it) over the wire. The first widely deployed PAKE was SRP-6a (used by Apple iCloud, 1Password, ProtonMail). Modern designs include SPAKE2 (used in CHIP/Matter device commissioning, IETF RFC 9382), CPace (the IETF augmented PAKE recommended in RFC 9380), and OPAQUE (an asymmetric / augmented PAKE that hides the password from the server even during enrolment). PAKE properties matter: a passive attacker on the network learns nothing about the password; an active attacker can only attempt one password per online interaction (no offline grinding); and an attacker who breaches the server's password database cannot impersonate users without further work. The IETF CFRG selected CPace and OPAQUE in 2020 as recommended modern PAKE designs. Adoption is growing: Matter uses SPAKE2 for QR-code device pairing, WPA3 uses Dragonfly (a PAKE-like SAE handshake), and several password managers and identity products now ship OPAQUE.

Schutzmaßnahmen gegen PAKE (Password-Authenticated Key Exchange) kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.

Übliche alternative Bezeichnungen: Password-Authenticated Key Exchange, Augmented PAKE.