Links and Web Resources
SRP is available in a rapidly growing collection of
libraries and applications.
If I have omitted anything relevant on this page,
let me know.
SRP-TLS
The SRP-TLS ciphersuites combine strong password authentication and
transport security for easy integration and deployment in
applications that need secure sessions based on
human-memorized passwords.
- The EdelKey project
has implemented the SRP ciphersuites in
OpenSSL.
Also available are patches to enable SRP in
Apache/mod_ssl and
cURL/libcURL.
- TLSLite is a
Python implementation of SSL/TLS which includes support for
the SRP ciphersuites.
- GnuTLS
supports the SRP ciphersuites.
- Jessie, a
free JSSE implementation, supports the SRP ciphersuites in
Java.
SRP Telnet
- The Kermit Project
The Kermit project distributes C-Kermit and Kermit95,
Telnet clients that support nearly every Unix and win32 platform
in common use today.
SRP, Kerberos, and other popular Telnet authentication methods are supported.
- NetTerm
NetTerm is a popular Windows (95, 98, NT, 2k, 3.1) Telnet client
with SRP support.
- Anzio Lite and AnzioWin
Anzio Lite and AnzioWin are Win32 Telnet clients (the first is shareware,
the latter is the commercial version which includes SRP support).
- The Java
Telnet Applet
The Java Telnet Applet is a Telnet client written entirely in Java
with support for SRP.
The Applet can be embedded on a Web page to enable remote users to telnet
in via a Web browser.
- dataComet
DataComet is a popular Mac Telnet client that supports SRP
authentication.
- NiftyTelnet
NiftyTelnet is a Telnet client for the Mac.
The next release of NiftyTelnet will contain SRP support.
Please contact the author, Chris Newman for details.
- MiamiTelnet
MiamiTelnet is a part of the Miami TCP/IP suite for AmigaOS, and supports
a wide variety of secure Telnet features like SRP.
- ProFTPD
ProFTPD is an FTP package with full source and SRP support.
SRP-SASL
SRP authentication in SSH
- Tom Holroyd
has patches to enable SRP authentication in OpenSSH.
- LSH (SSH implementation)
LSH is a GNU implementation of Secure Shell (SSH) that will
incorporate SRP as a supported authentication mechanism.
SRP in other applications
- JBoss
JBoss is an Open Source Java application server which supports
SRP for user authentication.
- The WorldForge Project
The WorldForge Project uses SRP to authenticate individual players
securely to central roleplaying game (RPG) servers.
- SFS
SFS is a secure network file system that runs on a variety of
operating systems and uses SRP for secure network user authentication.
Alternative SRP implementations
- FreshPorts
Links to the FreeBSD port of the SRP distribution.
- The SRP page
This is a resource that contains several patches, modules, etc. based
on SRP. There are FTP clients/servers as well as firewall toolkit patches.
Other Strong Password Methods
- Integrity Sciences - David Jablon's site, with discussion about SPEKE and information about strong password authentication
- PAK -
Philip MacKenzie has released a toolkit for his PAK authentication protocol, an EKE variant.
The PAK distribution is based on the SRP distribution, available from this site.
Other Crypto Resources
Back