Test the protocol and see how it works
Type in some credentials and see how the magic works.
OPAQUE provides robust security measures that effectively neutralize various types of attacks. Unlike traditional methods, it eliminates the need to send passwords to the server, thereby thwarting sniffing and replay attacks. Moreover, the protocol prevents pre-computation attacks by attackers.
Through the use of an Oblivious Pseudo-Random Function (OPRF), OPAQUE safeguards the password and basically some form of "salt", making it impervious to direct password leaks. This protocol has also undergone rigorous testing and offers mathematical proofs of security within a robust model.
Another advantage is its ability to offload the memory-hard key-stretching function to the client side. This not only enhances security but also minimizes the server's vulnerability to computational denial-of-service (DoS) attacks.
Furthermore, OPAQUE can function securely over an unencrypted communication channel, removing the necessity for additional layers like TLS. It even includes a countermeasure against user enumeration attacks: the server can return a decoy record, making it impossible for an attacker to determine whether a particular user exists or not.
- Registration and login require one extra request roundtrip to complete each flow
- Serenity (opens in a new tab) as authentication mechanism for the account
- WhatsApp (opens in a new tab) for their end-to-end encrypted backups
- The server never learns the password and therefor never can log it (accidentally)
- One extra roundtrip for registration and login
- No need for users to rely on an external authority for key storage. Usually Apple, Google or Microsoft.
- No device/browser/OS lock-in. On Linux for example there is no Passkey support.
- No support for a stable
export_keyon the client. This makes Passkeys unsuitable for encrypted backups or as a foundation for end-to-end encryption apps. Might be possible in the future with the PRF Extension (opens in a new tab)
- You still need to remember and store a password. Passwordless authentication is preferable.
- Passkeys have even stronger security guarantees against server compromise since only a public key is stored.
Note: You can also deploy Passkeys and have Opaque as a fallback for users without Passkeys. Best of both worlds.
- 2018: The OPAQUE (opens in a new tab) paper was published.
- 2018-2023 A group of IETF members worked on the OPAQUE protocol RFC (opens in a new tab).
- 2020: Work on opaque-ke (opens in a new tab) started.
- 2020: Work on opaque-wasm (opens in a new tab) started. It allowed us to give explore the protocol in a beta and inspired us to build a full library. We made a comparison table between the two libraries here.