4

While there are plenty of PAKE protocols, especially those augmented ones which are practical in C/S model, actually they seem to be not widely used. Even TLS-Standardized SRP, the most popular one among them, I just know it's used in apple's iCloud. In addition, J-PAKE was used in Mozilla's synchronization but aborted for its weird usage.

So, Is there any situation or famous system in which PAKEs are widely used that I don't know? If no, why are they not used even when their patents are expired?

fgrieu
  • 149,326
  • 13
  • 324
  • 622
weir007
  • 41
  • 2

1 Answers1

6

I see three main reasons why PAKEs are not widely used yet:

  • The lack of IETF standards. SRP has limitations discussed in the link @fgrieu posted above. Many PAKE protocols have been designed, but they lack a convincing security proof, or properties some applications may expect. This is being solved as we speak. The CFRG is currently having a selection process, existing PAKEs are being carefully reviewed, and the outcome will be a small set of recommendations for each use case.
  • The lack of implementations. Possibly due to the above.
  • The lack of awareness. Most people have never heard of PAKEs.
Frank Denis
  • 3,073
  • 19
  • 19