subes
commented
2 years ago J-Pake would be an alternative where both parties know the same passwort but don't communicate that over the wire: org.bouncycastle.crypto.agreement.jpake.JPAKEParticipant
http://www.diva-portal.org/smash/get/diva2:1354154/FULLTEXT01.pdf (explanation of the shared password symmetric key exchange)
So this would be a Balanced PAKE type.
I guess the same could be achieved by using a fixed salt (the password) in SRP6a that is shared (which then makes it SRP6 which is a balanced PAKE instead of the augmented SRP6a)?
From: https://github.com/invesdwin/invesdwin-context-integration/issues/19#issuecomment-1186588462
I guess the best approach would be to create a TLS connection using private/public keys, exchange a randomly generated key through that and then use HKDF to derive the other keys from that random key.
User credentials could be checked without transmitting the password via SRP6:
Though in our case we don't want to register users which requires storage of some information. That would be rather something that could be used for a frontend based authentication that should be keyless.
When password is public, SRP6 is only as secure as diffie hellman: https://crypto.stackexchange.com/questions/8314/does-srp-reduce-to-dh-key-exchange-when-shared-password-is-not-secret