Password-authenticated Key Exchange (PAKE
) is where two or more parties, based only on their knowledge of a password, establish a Cryptographic Key
using an exchange of messages, such that an unauthorized party (one who controls the communication channel but does not possess the password) cannot participate in the method and is constrained as much as possible from brute force guessing the password. (The optimal case yields exactly one guess per run exchange.)
Two forms of Password-authenticated Key Exchange are Balanced and Augmented methods.
There might be more information for this subject on one of the following: