The Stanford SRP Homepage
The Secure Remote Password protocol
performs secure remote authentication of short human-memorizable
passwords and resists both passive and
active network attacks.
Because SRP offers this unique combination of password security,
user convenience, and freedom from restrictive licenses,
it is the most
widely standardized protocol
of its type, and as a result
is being used by organizations both large and small,
commercial and open-source, to secure nearly every type of
human-authenticated network traffic on a variety of computing
This site serves as a clearinghouse of information about SRP,
including links to software and tools that make it easy to
integrate SRP authentication into your products.
Since the number of such projects has grown so rapidly in
the last few years, this site cannot maintain an exhaustive
list, but will instead focus on important and critical projects
in representative categories.
The SRP ciphersuites
have become established as the solution for secure mutual
password authentication in SSL/TLS,
solving the common problem of establishing a secure
communications session based on a human-memorized password
in a way that is crytographically sound, standardized,
peer-reviewed, and has
multiple interoperating implementations.
As with any crypto primitive, it is almost always better to
reuse an existing well-tested package than to start from scratch.
- Documentation - Learn more about the technology
- Download - Source code, API libraries; includes patches for TLS-SRP support in OpenSSL
- Links - third-party SRP and SRP-TLS implementations, and other Web resources
Please direct all comments, questions, and suggestions to