[sc00bz]

I forgot to add a TL;DR. I posted one on Twitter though:

"TL;DR: do https://gist.github.com/Sc00bz/ec1f5fcfd18533bf0d6bf31d1211d... instead of SRP."

The context was someone implementing SRP6a because they didn't have Ristretto255. This is actually what made me write this article.

----

Anyway, if it was that short then one wouldn't have learned as much about PAKEs, how they work, and some properties of them. One of the things I knew about PAKEs but never like formed it into a thought was "The basic idea of a PAKE is to hide something. The three main things one can hide are the ephemeral public key[s] (like SRP6a), the generator, and/or (for aPAKEs) the salt." Every PAKE falls into one of those categories. Well besides maybe J-PAKE that's a "commit-reveal". Which is hiding the thing being committed. I don't know what's being committed or how it's be committed or revealed. So it might fit in one of the categories. I have notes on J-PAKE from reading the paper but stopped at "now read this other paper to find out what the 6 'NIZK' functions calls do". J-PAKE makes VTBPEKE look like a good PAKE. VTBPEKE hides the generator and also has a commit-reveal. It's designed like this either because of patents or proofs... or both.