OPAQUE  "Disappear password traffic!" DEMO
 

Server


OPAQUE registration has two steps:

  1. Initiation (</> register_init)

    Client and server collaboratively generate a key that is used by the client to derive a keypair for further authentication. During this interaction, client never reveals the password, instead sends blinded information that no one (even the server) can recover.


  2. Finalization (</> register_finish)

    Client seals an envelope containing the keypair and sends it to the server for storage. The credentials enclosed can only be retrieved by the client only after having interaction with the server. Thus, the stored credentials are valueless to any other parties.

... once user is registered, try to login

Client

(for </> use right-click "View Source")

Register

Enter user credentials :


👁

👁
(Watch network traffic to see that your password never leaves your device.)