Source: opaque-store
Section: utils
Priority: optional
Maintainer: Joost van Baal-Ilić
Uploaders: Stefan Marsiske
Build-Depends: debhelper-compat (= 13), python3-setuptools, python3-all, dh-python, cmark
Rules-Requires-Root: no
Standards-Version: 4.7.0
Homepage: https://github.com/stef/opaque-store
Vcs-Browser: https://salsa.debian.org/debian/opaque-store
Vcs-Git: https://salsa.debian.org/debian/opaque-store.git

Package: opaque-store
Architecture: all
Multi-Arch: foreign
Depends: ${misc:Depends}, python3:any, ${python3:Depends}
Description: store OPAQUE password encrypted blobs of information online
 The opaque-store software manages a simple OPAQUE based online store of
 small blobs.
 .
 The OPAQUE protocol is described in the IRTF Crypto Forum Research Group
 draft (https://github.com/cfrg/draft-irtf-cfrg-opaque). The OPAQUE
 protocol combines an Oblivious Pseudo-Random Function (OPRF) and an
 Authenticated Key-Exchange (AKE) into a protocol where a user holding
 nothing but a password and a server holding some information protected by
 the password can establish a shared secret. The protocol describes an
 augmented (or asymmetric) password-authenticated key exchange (aPAKE)
 that supports mutual authentication in a client-server setting without
 reliance on PKI and with security against pre-computation attacks upon
 server compromise. In addition, the protocol provides forward secrecy and
 the ability to hide the password from the server, even during password
 registration.
 .
 OPAQUE-Store goes beyond the original OPAQUE protocol as specified by the
 IRTF/CFRG and also supports a threshold variant of OPAQUE. In a threshold
 setup you have a number N of servers that all hold a share of your secret
 and at least a threshold number T of these need to cooperate to recover
 the secret. This provides extra robustness and dilution of responsibility
 (losing a server is not the end of the world!) while at the same time
 increasing security, as an attacker now has to compromise at least T
 servers to get access to some information.