DON'T STORE PASSWORDS!
This library is a .NET 5 / Core implementation of the OPAQUE protocol - a 2021 successor to the Secure Remote Password (SRP) protocol and others.
Targets:
- .NET 5.0
- .NET 2.0
This library is under construction and is not yet ready for use.
It is 2021 - you don't need to store passwords!
Perhaps you are using the Secure Remote Password (SRP) protocol, and that is better, BUT, SRP has a number of issues.
There is better mechanism available for password authentication - the OPAQUE protocol!
OPAQUE is an Asymmetric Password Authenticated Key Exchange (aPAKE) protocol that:
- provides password authentication and mutually authenticated key exchange in a client-server setting;
- does NOT rely on PKI (except during initial registration);
- does NOT disclose passwords to servers or other entities other than the client machine;
- is secure against pre-computation attacks; and
- is capable of using a secret salt.