by whoisthisfor on 12/1/2019, 3:49:05 PM
by brenden2 on 12/1/2019, 3:32:07 PM
SRP is a great PAKE (password-authenticated key agreement); it can make certain types of attacks to steal a password (like MITM) nearly impossible.
There's also a newer PAKE that improves slightly on SRP, called SPAKE2: https://datatracker.ietf.org/doc/draft-irtf-cfrg-spake2/?inc...
by zaroth on 12/1/2019, 3:30:09 PM
I’ve been following CFRG’s PAKE contest (https://github.com/cfrg/pake-selection) with some interest.
The various algorithms are fascinating and almost, you might say, fairly approachable.
by als0 on 12/1/2019, 3:17:53 PM
> What we needed, in this case, is a strong Zero-knowledge proof (without transferring password) system that does mutual authentication on the client & server.
I've not heard of SRP before, but it seems like it's trying to solve an already solved problem, and in a seemingly more complicated manner. The W3C's Web Authentication spec[1,2], on the other hand, looks very promising, and I'm hoping all browser vendors will get behind it once it's finished.
by jimktrains2 on 12/1/2019, 3:12:06 PM
I've always wished that tls-srp was better supported by tools or that srp was a method for http forms that would work in some standardized way.
by ledauphin on 12/1/2019, 3:48:13 PM
Is anyone aware of a pre-existing Python implementation of this that isn't `warrant` (which appears to be unmaintained as it has several significant issues in its underlying crypto stack)?
I'm tempted to spend some time writing one (AWS Cognito uses SRP), but also have other things I could do... :)
by smy1es on 12/1/2019, 3:34:38 PM
SRP would be extremely interesting for the web configuration interfaces for IoT devices. We want TLS even locally, but trusting vendor-supplied certificates is bad. Implementing SRP on IoT devices would solve these problems, but would need much better support of SRP from the browser vendors.
by GhettoMaestro on 12/1/2019, 5:34:43 PM
I feel dumb asking this, but do current industry authentication methods (secure channel via TLS) send the actual password, or a derived challenge-response value through the secure channel? I thought it was the latter.
by 3fe9a03ccd14ca5 on 12/1/2019, 4:23:31 PM
Wow this sounds amazing — so why isn’t this used everywhere? What’s the downside?
Every time I dig into PAKEs, I find disappointment. If we all used a PAKE from the start of computers, maybe we'd be better off, but that's just because we would have been burned by them a dozen times. Right now the tech is very immature and asking a Dev to use these is essentially asking them to pick a cipher mode and padding for AES. There are no browser native SRP implementations and WebCrypto doesn't support the primitives. The complexity these add isn't worth it for your vanilla website, IMO.