python-spake2 0.8-2 source package in Ubuntu
Changelog
python-spake2 (0.8-2) unstable; urgency=medium [ Ondřej Nový ] * d/copyright: Use https protocol in Format field * Use debhelper-compat instead of debian/compat. [ Antoine Beaupré ] * remove support for Python 2 (Closes: #938186) -- Antoine Beaupré <email address hidden> Tue, 03 Sep 2019 11:18:26 -0400
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Mantic | release | universe | misc | |
| Lunar | release | universe | misc | |
| Jammy | release | universe | misc | |
| Focal | release | universe | misc |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| python-spake2_0.8-2.dsc | 1.8 KiB | a86b8ad38c25e7a216db4961dffbd757e0be28c3795832e2529fca666d347c71 |
| python-spake2_0.8.orig.tar.gz | 56.7 KiB | c17a614b29ee4126206e22181f70a406c618d3c6c62ca6d6779bce95e9c926f4 |
| python-spake2_0.8.orig.tar.gz.asc | 858 bytes | 1e390ded9ebd552becbe3613adaa893033ca07f3499d304716b02e7dfbcfc565 |
| python-spake2_0.8-2.debian.tar.xz | 5.5 KiB | 02445204d4c84079ed6987948451ee32f7d1523bb5c5c6eedc7fca56a5fc5bd4 |
Available diffs
- diff from 0.8-1 to 0.8-2 (1.6 KiB)
No changes file available.
Binary packages built by this source
- python3-spake2: SPAKE2 password-authenticated key exchange (pure python)
This library implements the SPAKE2 password-
authenticated key
exchange ("PAKE") algorithm. This allows two parties, who share a
weak password, to safely derive a strong shared secret (and therefore
build an encrypted+authenticated channel).
.
A passive attacker who eavesdrops on the connection learns no
information about the password or the generated secret. An active
attacker (man-in-the-middle) gets exactly one guess at the password,
and unless they get it right, they learn no information about the
password or the generated secret. Each execution of the protocol
enables one guess. The use of a weak password is made safer by the
rate-limiting of guesses: no off-line dictionary attack is available
to the network-level attacker, and the protocol does not depend upon
having previously-established confidentiality of the network (unlike
e.g. sending a plaintext password over TLS).
.
The protocol requires the exchange of one pair of messages, so only
one round trip is necessary to establish the session key. If
key-confirmation is necessary, that will require a second round
trip.
