The EKE protocol is replaced by Augmented-EKE, and the static symmetric
pre-shared key (held by both sides) is replaced with a server-side
verifier. This requires 64 more bytes of handshake traffic, an Ed25519
dependency with the corresponding sign/verify computations, and a PBKDF2
dependency that is used on the client side during the handshake.
A-EKE with PBKDF2-based verifiers is resistant to dictionary attacks and
can use human-memorable passphrases instead of static keys. Server-side
verifiers cannot be used for authentication (a compromised server does
not leak the client's authentication keys/passphrases).
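
The verifier idea described above, as an added Go example that is not the project's own code: the client stretches a passphrase with PBKDF2 into an Ed25519 key, the server stores only the public half as its verifier, and the 64-byte signature is what the handshake gains. The function names, PBKDF2-HMAC-SHA512, the salt, the iteration count and the signed "challenge" value are all assumptions made for illustration, and the EKE key exchange itself is not shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha512"
	"fmt"
)

// pbkdf2Seed: first PBKDF2-HMAC-SHA512 block, cut to a 32-byte Ed25519 seed.
func pbkdf2Seed(pass, salt []byte, iter int) []byte {
	mac := hmac.New(sha512.New, pass)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // block index 1, big-endian
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t[:ed25519.SeedSize]
}

// verifierFor is enrolment: only this public key is stored on the server.
func verifierFor(pass, salt []byte, iter int) ed25519.PublicKey {
	return ed25519.NewKeyFromSeed(pbkdf2Seed(pass, salt, iter)).Public().(ed25519.PublicKey)
}

// clientSign runs on the client during the handshake (the PBKDF2 cost is paid here).
func clientSign(pass, salt []byte, iter int, challenge []byte) []byte {
	return ed25519.Sign(ed25519.NewKeyFromSeed(pbkdf2Seed(pass, salt, iter)), challenge)
}

// serverAccepts checks the 64-byte signature using nothing but the verifier.
func serverAccepts(verifier ed25519.PublicKey, challenge, sig []byte) bool {
	return len(sig) == ed25519.SignatureSize && ed25519.Verify(verifier, challenge, sig)
}

func main() {
	pass, salt := []byte("correct horse battery staple"), []byte("constructed-salt")
	challenge := []byte("constructed handshake value") // assumed stand-in for what gets signed
	verifier := verifierFor(pass, salt, 4096)
	good, bad := clientSign(pass, salt, 4096, challenge), clientSign([]byte("wrong guess"), salt, 4096, challenge)
	fmt.Println(len(good), serverAccepts(verifier, challenge, good), serverAccepts(verifier, challenge, bad))
}
```

The server side never calls `pbkdf2Seed` and never holds a signing key, so a copy of its verifier store contains nothing that `serverAccepts` would take as proof of identity.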