PAKE (Password-Authenticated Key Exchange).

A class of cryptographic protocols (SRP, OPAQUE, SPAKE2, CPace) that let two parties derive a strong shared key from a low-entropy password without exposing the password to offline brute-force or to passive eavesdroppers. Относится к категории Криптография в кибербезопасности.

A class of cryptographic protocols (SRP, OPAQUE, SPAKE2, CPace) that let two parties derive a strong shared key from a low-entropy password without exposing the password to offline brute-force or to passive eavesdroppers.

Password-Authenticated Key Exchange (PAKE) protocols solve a long-standing problem: how to let a user prove possession of a password to a server, and derive an authenticated session key, without ever sending the password (or anything offline-brute-forceable from it) over the wire. The first widely deployed PAKE was SRP-6a (used by Apple iCloud, 1Password, ProtonMail). Modern designs include SPAKE2 (used in CHIP/Matter device commissioning, IETF RFC 9382), CPace (the IETF augmented PAKE recommended in RFC 9380), and OPAQUE (an asymmetric / augmented PAKE that hides the password from the server even during enrolment). PAKE properties matter: a passive attacker on the network learns nothing about the password; an active attacker can only attempt one password per online interaction (no offline grinding); and an attacker who breaches the server's password database cannot impersonate users without further work. The IETF CFRG selected CPace and OPAQUE in 2020 as recommended modern PAKE designs. Adoption is growing: Matter uses SPAKE2 for QR-code device pairing, WPA3 uses Dragonfly (a PAKE-like SAE handshake), and several password managers and identity products now ship OPAQUE.

Защита от PAKE (Password-Authenticated Key Exchange) обычно сочетает технические меры и операционные практики, как описано в определении выше.

Распространённые альтернативные названия: Password-Authenticated Key Exchange, Augmented PAKE.