<p><span class="h-card" translate="no"><a href="https://wandering.shop/@xgranade" class="u-url mention">@<span>xgranade</span></a></span> *very excited* RFC 2945 "SRP" <a href="https://datatracker.ietf.org/doc/html/rfc2945" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">datatracker.ietf.org/doc/html/</span><span class="invisible">rfc2945</span></a></p><p>(Mechanism for party A to authenticate a "shared secret" [password] with a party B, and B verifies A has the password, but ALSO A verifies B has the password [i.e. you aren't being phished], but ALSO if B is not really B they don't get a copy of the password, and also you can do the entire exchange unencrypted in a public channel and an observer learns nothing useful. AND you negotiate a session key for free in the process.)</p>
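<p>The exchange described above, as an added example that is not part of the original post or of RFC 2945's text: it keeps the RFC's algebra (B = v + g^b, 32-bit u) but substitutes SHA-256 and simplified proofs M1 and M2 for the RFC's SHA-1 and interleaved hash, so it is not wire-compatible. The group is assumed to be the 1024-bit one from RFC 5054, and the names <code>H</code>, <code>private_x</code>, <code>enroll</code> and <code>run_login</code> are hypothetical.</p>

```python
import hashlib
import secrets

# Assumed group: the 1024-bit safe prime and generator 2 from RFC 5054, appendix A.
N = int("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
        "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
        "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
        "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2

def H(*parts):
    """SHA-256 over length-prefixed ints/bytes, as an int (stand-in for the RFC's SHA-1)."""
    h = hashlib.sha256()
    for p in parts:
        size = (p.bit_length() + 7) // 8 or 1 if isinstance(p, int) else 0
        b = p if isinstance(p, bytes) else p.to_bytes(size, "big")
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big")

def private_x(salt, user, password):
    return H(salt, H(f"{user}:{password}".encode()))

def enroll(user, password):
    """Server-side record: salt and verifier v = g^x mod N, never the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, user, password), N)

def run_login(user, typed_password, record):
    """One login, both sides. Returns (server_accepts, client_accepts, keys_match)."""
    salt, v = record
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)                          # client -> server: user, A
    b = secrets.randbelow(N - 2) + 1
    B = (v + pow(g, b, N)) % N                # server -> client: salt, B
    u = H(B) >> 224                           # top 32 bits of the hash of B
    if A % N == 0 or B % N == 0 or u == 0:    # degenerate values: abort the login
        return False, False, False
    # Client: derives x from the typed password and removes g^x from B.
    x = private_x(salt, user, typed_password)
    K_client = H(pow((B - pow(g, x, N)) % N, a + u * x, N))
    M1 = H(A, B, K_client)                    # client -> server: proof of K
    # Server: knows only v; gets the same secret iff the client used the right x.
    K_server = H(pow(A * pow(v, u, N) % N, b, N))
    server_accepts = M1 == H(A, B, K_server)
    M2 = H(A, M1, K_server)                   # server -> client: proof of K
    client_accepts = M2 == H(A, M1, K_client)
    return server_accepts, client_accepts, K_client == K_server
```

<p>Passing a record built with <code>enroll</code> from a guessed password models a party B that does not hold the real verifier: the client rejects its M2 and the two session keys differ.</p>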