The Stanford SRP Homepage
The Secure Remote Password protocol
performs secure remote authentication of short human-memorizable
passwords and resists both passive and
active network attacks.
Because SRP offers this unique combination of password security,
user convenience, and freedom from restrictive licenses,
it is the most
widely standardized protocol
of its type, and as a result
is being used by organizations both large and small,
commercial and open-source, to secure nearly every type of
human-authenticated network traffic on a variety of computing
platforms.
This site serves as a clearinghouse of information about SRP,
including links to software and tools that make it easy to
integrate SRP authentication into your products.
Since the number of such projects has grown so rapidly in
the last few years, this site cannot maintain an exhaustive
list, but will instead focus on important and critical projects
in representative categories.
Most of the recent momentum has centered around
TLS/SRP
because it solves the twin problems of secure password
authentication and transport/session security in a single,
crytographically sound unit that is standardized and has
multiple interoperating implementations.
As with any crypto primitive, it is almost always better to
reuse an existing well-tested package than to start from scratch.
- Documentation - Learn more about the technology
- Demo - See a JavaScript-based demo of SRP in your browser, now with support for the latest SRP-6a protocol.
- Download - Source code, API libraries; includes patches for TLS-SRP support in OpenSSL
![[NEW]](images/new.gif)
- References
- Links - third-party SRP and SRP-TLS implementations, and other Web resources
Please direct all comments, questions, and suggestions to
Tom Wu
(tjw@cs.Stanford.EDU).