Password-Authenticated Key Diffie-Hellman Exchange
RFC 5683, “Password-Authenticated Key Diffie-Hellman Exchange”, is an Informational document published in February 2010 by A. Brusilovsky, I. Faynberg, Z. Zeltsan, S. Patel. The canonical text is published by the RFC Editor.
Abstract
This document proposes to add mutual authentication, based on a human-memorizable password, to the basic, unauthenticated Diffie-Hellman key exchange. The proposed algorithm is called the Password-Authenticated Key (PAK) exchange. PAK allows two parties to authenticate themselves while performing the Diffie-Hellman exchange.
The protocol is secure against all passive and active attacks. In particular, it does not allow either type of attacker to obtain any information that would enable an offline dictionary attack on the password. PAK provides Forward Secrecy. This document is not an Internet Standards Track specification; it is published for informational purposes.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 5683 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 5684 Unintended Consequences of NAT Deployments with Overlapping Address Space
- RFC 5687 GEOPRIV Layer 7 Location Configuration Protocol: Problem Statement and Requirements
- RFC 5688 A Session Initiation Protocol Media Feature Tag for MIME Application Subtypes
- RFC 5690 Adding Acknowledgement Congestion Control to TCP
- RFC 5669 The SEED Cipher Algorithm and Its Use with the Secure Real-Time Transport Protocol
- RFC 5667 Network File System Direct Data Placement
- RFC 5666 Remote Direct Memory Access Transport for Remote Procedure Call
- RFC 5665 IANA Considerations for Remote Procedure Call Network Identifiers and Universal Address Formats