SRP Links and Web Resources
SRP is available in a rapidly growing collection of
libraries and applications.
If I have omitted anything relevant on this page,
let me know.
The SRP-TLS ciphersuites (RFC 5054), combine strong password authentication and
transport security for easy integration and deployment in
applications that need secure sessions based on
- The Kermit Project
The Kermit project distributes C-Kermit and Kermit95,
Telnet clients that support nearly every Unix and win32 platform
in common use today.
SRP, Kerberos, and other popular Telnet authentication methods are supported.
NetTerm is a popular Windows (95, 98, NT, 2k, 3.1) Telnet client
with SRP support.
- Anzio Lite and AnzioWin
Anzio Lite and AnzioWin are Win32 Telnet clients (the first is shareware,
the latter is the commercial version which includes SRP support).
- The Java
The Java Telnet Applet is a Telnet client written entirely in Java
with support for SRP.
The Applet can be embedded on a Web page to enable remote users to telnet
in via a Web browser.
DataComet is a popular Mac Telnet client that supports SRP
NiftyTelnet is a Telnet client for the Mac.
The next release of NiftyTelnet will contain SRP support.
Please contact the author, Chris Newman for details.
MiamiTelnet is a part of the Miami TCP/IP suite for AmigaOS, and supports
a wide variety of secure Telnet features like SRP.
ProFTPD is an FTP package with full source and SRP support.
SRP authentication in SSH
- Tom Holroyd
has patches to enable SRP authentication in OpenSSH.
- LSH (SSH implementation)
LSH is a GNU implementation of Secure Shell (SSH) that will
incorporate SRP as a supported authentication mechanism.
SRP in other applications
JBoss is an Open Source Java application server which supports
SRP for user authentication.
GoToMeeting, currently being sold by
uses SRP for
- Clipperz password manager
A Web-based password manager that uses SRP as its authentication protocol.
- The WorldForge Project
The WorldForge Project uses SRP to authenticate individual players
securely to central roleplaying game (RPG) servers.
SFS is a secure network file system that runs on a variety of
operating systems and uses SRP for secure network user authentication.
Samhain is a open-source host-based intrusion detection system (HIDS)
that uses SRP authentication.
- Access Remote PC
Access Remote PC uses SRP to password-protect remote login sessions.
Other Strong Password Methods
- jablon.org - David Jablon's site, with discussion about SPEKE and information about strong password authentication
- PAK -
Philip MacKenzie has released a toolkit for his PAK authentication protocol, an EKE variant.
The PAK distribution is based on the SRP distribution, available from this site.
Other Crypto Resources