X.1035

{{short description|ITU-T recommendation}}

{{Infobox technology standard

| title = X.1035

| long_name = Password-authenticated key exchange (PAK) protocol

| image = Diffie-Hellman-Schlüsselaustausch.png

| caption =

| status = In force

| year_started = 2007

| version = (09/07)

| version_date = September 2007

| preview =

| preview_date =

| organization = ITU-T

| committee = Study Group 17

| base_standards =

| related_standards =

| abbreviation =

| domain =

| license =

| website = http://www.itu.int/rec/T-REC-X.1035

}}

ITU-T Recommendation X.1035 specifies a password-authenticated key agreement protocol that ensures mutual authentication of two parties by using a Diffie–Hellman key exchange to establish a symmetric cryptographic key. The use of Diffie-Hellman exchange ensures perfect forward secrecy—a property of a key establishment protocol that guarantees that compromise of a session key or long-term private key after a given session does not cause the compromise of any earlier session.

In X.1035, the exchange is protected from the man-in-the-middle attack. The authentication relies on a pre-shared secret (e.g., password), which is protected (i.e., remains unrevealed) to an eavesdropper preventing an off-line dictionary attack.{{Cite book|url=https://books.google.com/books?id=isU3ewATX3QC&pg=PT151|title=Cybersecurity: Public Sector Threats and Responses|last=Andreasson|first=Kim J.|date=2012-05-17|publisher=CRC Press|isbn=9781466551237|pages=151|language=en}}

The protocol can be used in a wide variety of applications including those with pre-shared secrets based on possibly weak passwords.

X.1035 was approved on 13 February 2007 by ITU-T Study Group 17.{{Cite web|url=https://www.itu.int/rec/T-REC-X.1035|title=X.1035 : Password-authenticated key exchange (PAK) protocol|website=www.itu.int|url-status=live|archive-url=https://web.archive.org/web/20191114104555/https://www.itu.int/rec/T-REC-X.1035|archive-date=2019-11-14|access-date=2019-11-14}}