{"id":23394309,"url":"https://github.com/phlay/pspka","last_synced_at":"2025-04-08T16:22:41.667Z","repository":{"id":35509591,"uuid":"39779665","full_name":"phlay/pspka","owner":"phlay","description":"password seeded public key authentication","archived":false,"fork":false,"pushed_at":"2015-08-15T16:47:05.000Z","size":176,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-14T12:53:40.569Z","etag":null,"topics":["asymmetric-cryptography","authentication","cryptography","password"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/phlay.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-07-27T14:43:45.000Z","updated_at":"2023-01-10T16:20:02.000Z","dependencies_parsed_at":"2022-08-31T18:51:26.777Z","dependency_job_id":null,"html_url":"https://github.com/phlay/pspka","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phlay%2Fpspka","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phlay%2Fpspka/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phlay%2Fpspka/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phlay%2Fpspka/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phlay","download_url":"https://codeload.github.com/phlay/pspka/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247878278,"owners_co
unt":21011223,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["asymmetric-cryptography","authentication","cryptography","password"],"created_at":"2024-12-22T06:14:26.305Z","updated_at":"2025-04-08T16:22:41.625Z","avatar_url":"https://github.com/phlay.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"WARNING\n-------\n\nThis is a new protocol and may have severe security flaws rendering it\ncompletely useless. Use the demo programs only for security analysis and not for\nany production environment.\n\n\nPSPKA\n-----\n\nLet's face it: Passwords suck! And they do in a number of ways\n\n1. people do forget them\n2. people choose weak ones (low entropy)\n3. companies do lose them\n4. the company or service potentially knows your password\n\nWhile some problems are intrinsic (like (1)) and can't be helped, there are\nwell-known techniques to attack (2) and (3): Passwords are not stored in clear\ntext but instead a password hash (or\n[KDF](http://en.wikipedia.org/wiki/Key_derivation_function)) is used to\nscramble them. By using a 'salt' a KDF makes it difficult for an attacker to\nuse precalculated password lists and the heavy CPU demand of a KDF makes them\ntime consuming to brute force (modern KDFs also need a significant amount of\nfast memory to defeat fast custom hardware).\n\nBut this feature also makes them unattractive on a server with many users, since\nthe server is usually the one calculating the password hash. 
But the big problem\nin letting the server calculate the hash is actually (4): If you don't trust the\nserver (either its security or its maintainers) you are forced to use a\nunique password for it.\n\nThe idea is to let the user calculate the KDF and change password verification\nto a challenge-response protocol. But we don't want to give the server the\npassword hash either, because if that gets stolen it could be used to log in to\nthe server without even needing the original password.\n\nTo solve these problems I recommend using a combination of classical password\nhashes (or KDF) and a modern elliptic curve signature scheme: The PSPKA scheme\nuses a KDF, like [PBKDF2](https://en.wikipedia.org/wiki/PBKDF2), to derive a\n256-bit [EdDSA](https://en.wikipedia.org/wiki/EdDSA) secret key from the user's\nidentity and password and then calculates the corresponding EdDSA public key.\nThis public key together with the KDF parameters (like salt and iteration\ncount) is used as the password hash.\n\nIf the user wants to authenticate later, a public-key challenge-response method is\nused: The server sends a random challenge (including KDF parameters) and the\nuser uses her secret key (again derived from her identity and password, using\nthe salt and KDF parameters from the challenge) to sign the challenge together\nwith a random nonce and a context field describing this login. The response\nconsists of the random nonce together with the signature. This way our user can\nlog in as usual with identity and password without any saved state, although it\nis recommended to store the KDF parameters.\n\nThe PSPKA protocol could also be used to protect a [Diffie-Hellman\n(DH)](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange)\nconnection between user and server from a [man-in-the-middle\nattack](https://en.wikipedia.org/wiki/Man-in-the-middle_attack), by using the\nshared DH secret as context in the response. 
(The context is normally used to\ndefend against a server trying to reuse a user response to log in as this user\non a different service.)\n\nProblem (2) and limitation of damage are the only reasons not to reuse the same\npassword for different services with this scheme. But if a password is really\nstrong and a good KDF is used, there is no security problem in publishing the\ncorresponding PSPKA hash.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphlay%2Fpspka","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphlay%2Fpspka","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphlay%2Fpspka/lists"}