@node PAKE
-@section Password Authenticated Key Agreement
+@subsection Password Authenticated Key Agreement
Previously we used pre-shared high-entropy long-term static key for
client-server authentication. Is is secure, but not convenient for some
user use-cases:
-@itemize @bullet
-@item Compromising of password files on either server or client side
+@itemize
+@item Compromising of passphrase files on either server or client side
allows attacker to masquerade himself a client.
@item To prevent compromising of keys on the client side, one needs some
kind of passphrase protected secure storage (like either PGP with
Overall security on the client side is concentrated in passphrase
(high-entropy password), so it is convenient to use it in GoVPN
-directly, without static on-disk keys. That is why we use password
+directly, without static on-disk keys. That is why we use passphrase
authenticated key agreement.
We use "passphrase" term instead of "password". Technically there may be
entropy source.
Passphrases are entered directly by the human on the client side. Server
-side stores previously shared so-called @ref{Verifier}. Verifier contains
-dictionary attack resistant password derivative. Attacker can not use it
-to act as a client.
+side stores previously shared so-called @ref{Verifier, verifier}. Verifier
+contains dictionary attack resistant password derivative. Attacker can not
+use it to act as a client.