emilmuller
commented
2 years ago Would be a great addition! Why are we still sending passwords over the wire? 🤔
Open henrik-lindqvist opened 2 years ago
emilmuller
commented
2 years ago Would be a great addition! Why are we still sending passwords over the wire? 🤔
See: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-spake2-26
BoringSSL has implemented it, and it's being used by a particular protocol on Android 11+. Since BC implement X25519 and Ed25519 i guess it should include most required parts already. It would be a great addition since currently there seems to be no pure Java implementation available. :)
Due to lack of knowledge and documentation i can't really tell if it's easy to do already with the public Ed25519/X25519 API?