Password-authenticated Key Exchange is a method in which two or more parties, based only on their knowledge of a password, establish a Cryptographic Key through an exchange of messages, such that an unauthorized party (one who controls the communication channel but does not possess the password) cannot participate in the method and is constrained as much as possible from brute-force guessing the password. (In the optimal case, the unauthorized party gets exactly one guess per run of the exchange.)
Two forms of Password-authenticated Key Exchange are Balanced and Augmented methods.
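The following added example (not part of the original page) sketches a simplified SPAKE2-style balanced exchange to show the property described above: matching passwords yield the same key, and a party without the password can test only one guess per run. The group parameters, labels and all function names are assumptions made for the illustration, and the group is far too small for real use.

```python
import hashlib
import secrets

# Toy group (assumption): integers modulo the Mersenne prime 2**127 - 1.
P = 2**127 - 1
G = 3

def _h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def _b(n: int) -> bytes:
    return n.to_bytes(16, "big")

# Blinding elements hashed from fixed labels, so nobody picks their
# discrete logs to base G.
M = 1 + int.from_bytes(_h(b"toy M"), "big") % (P - 1)
N = 1 + int.from_bytes(_h(b"toy N"), "big") % (P - 1)

def pw_scalar(password: str) -> int:
    # A real design would use a slow, salted password hash here.
    return int.from_bytes(_h(b"pw", password.encode()), "big") % (P - 1)

class Party:
    """One side of the exchange; is_a selects its blinding element."""
    def __init__(self, password: str, is_a: bool):
        self.w, self.is_a = pw_scalar(password), is_a
        self.mine, self.theirs = (M, N) if is_a else (N, M)
        self.x = secrets.randbelow(P - 2) + 1
        # Wire message: g^x hidden behind a password-dependent mask.
        self.msg = pow(G, self.x, P) * pow(self.mine, self.w, P) % P

    def finish(self, peer_msg: int) -> bytes:
        # Remove the mask the peer should have used, then do Diffie-Hellman.
        z = pow(peer_msg * pow(self.theirs, -self.w, P) % P, self.x, P)
        a, b = (self.msg, peer_msg) if self.is_a else (peer_msg, self.msg)
        return _h(_b(a), _b(b), _b(z), _b(self.w))

def run_exchange(pw_a: str, pw_b: str):
    a, b = Party(pw_a, True), Party(pw_b, False)
    return a.finish(b.msg), b.finish(a.msg)

def online_guess(real_password: str, guess: str) -> bool:
    """A party without the password tests exactly one guess per run."""
    honest_key, guesser_key = run_exchange(real_password, guess)
    return honest_key == guesser_key
```

In a deployed protocol the two sides would learn whether the keys match through a key-confirmation step, which is what lets the honest party count and rate-limit failed runs.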
More Information
There might be more information for this subject on one of the following:
- Password-authenticated Key Agreement
- Using the Secure Remote Password (SRP) Protocol for TLS Authentication
- [#1] - Password-authenticated Key Exchange - based on information obtained 2016-06-05
- [#2] - Encrypted Key Exchange Password-Based Protocols Secure Against Dictionary Attacks - based on information obtained 2018-10-21