The primary goal of the SRP Project is to provide standards, technologies, and implementations that improve password security of existing protocols and applications while preserving the ease-of-use associated with passwords and integrating cleanly with these systems. SRP accomplishes these objectives because it was designed with a number of considerations in mind.
Security - SRP was designed to protect passwords against both passive and active network attacks. The Project believes that open research and publication is more likely to produce a truly secure cryptosystem than proprietary, closed-source development. Since its introduction in 1997 and publication in 1998, SRP has been extensively analyzed and studied in the open, and all analysis to date has confirmed its security. We realize that password security is an active field of research and that SRP is subject to cryptanalytic advances against its underlying mathematical foundations (discrete logarithms).
Convenience - From the perspective of some users, the fact that SRP keeps password interfaces exactly the same while delivering secure authentication is perhaps the greatest of its technical advances. Until now, users have had to compromise - either put up with some added inconvenience or accept an imperfect security model. SRP advances the status quo in both directions, achieving the best of both worlds in one package.
Openness - With the increasing importance of Open Source software, it is important that cryptographic technology remain available to the freeware community. SRP is distributed on Open Source-friendly terms so that such projects can take advantage of the technology.
Simplicity - SRP is a drop-in replacement for weak password authentication. Instead of involving third parties, key servers, or a PKI, SRP is just a black box that accepts a password from the user and produces secure authentication and key-exchange as its result. Since it is a "better mousetrap" that doesn't require major interface changes, a wide range of products have been able to incorporate SRP instead of having it remain as a single, proprietary, monolithic entity.
Despite the availability of good security products on the marketplace for Intranet and Internet use, consumers have been slow to adopt them in any significant number and will continue to ignore them until they are well-integrated into the user's environment (e.g. Netscape and SSL). The SRP Project aims to attain that level of integration for password security, to make it "part of the operating system" so to speak.
The Open Source movement is an important part of this objective, because the ability of Open Source OSes to integrate new, freely-available technology is one of its greatest strengths. Because SRP can be incorporated into US-based software without being subject to export restrictions, this enables the level of universal password security that has the potential to benefit all users. Indeed, users of these OSes (e.g. Linux and OpenBSD) have expressed a great deal of interest in exactly this type of integration.