The Stanford SRP Homepage

The Secure Remote Password protocol performs secure remote authentication of short human-memorizable passwords and resists both passive and active network attacks. Because SRP offers this unique combination of password security, user convenience, and freedom from restrictive licenses, it is the most widely standardized protocol of its type, and as a result is being used by organizations both large and small, commercial and open-source, to secure nearly every type of human-authenticated network traffic on a variety of computing platforms.

This site serves as a clearinghouse of information about SRP, including links to software and tools that make it easy to integrate SRP authentication into your products. Since the number of such projects has grown so rapidly in the last few years, this site cannot maintain an exhaustive list, but will instead focus on important and critical projects in representative categories.

The SRP ciphersuites have become established as the solution for secure mutual password authentication in SSL/TLS, solving the common problem of establishing a secure communications session based on a human-memorized password in a way that is crytographically sound, standardized, peer-reviewed, and has multiple interoperating implementations. As with any crypto primitive, it is almost always better to reuse an existing well-tested package than to start from scratch.

Please direct all comments, questions, and suggestions to Tom Wu (tjw@cs.Stanford.EDU).