What is SRP?
SRP is a secure password-based authentication and key-exchange protocol.
It solves the problem of authenticating clients to servers securely,
in cases where the user of the client software must memorize a small secret
(like a password) and carries no other secret information,
and where the server carries a verifier for each user,
which allows it to
authenticate the client but which, if compromised, would not allow
the attacker to impersonate the client.
In addition, SRP exchanges a cryptographically-strong secret as a
byproduct of successful authentication, which enables the two parties to
Many password authentication solutions claim to solve this exact problem,
and new ones are constantly being proposed.
Although one can claim security by devising a protocol that avoids sending
the plaintext password unencrypted, it is much more difficult to devise a
protocol that remains secure when:
The idea behind SRP first appeared on USENET in late 1996, and subsequent
discussion led to refined proposals in 1997 to address these security
This lead to the development of one of the variants of the protocol
still in use today, known as SRP-3, which was published in 1998 after
several rounds of discussion and refinement on cryptography-related
newsgroups and mailing lists, and has withstood considerable public
analysis and scrutiny since then.
The technology evolved into a newer variant known as SRP-6, which
maintains the security of SRP-3 but has refinements that make it
more flexible and easier to incorporate into existing systems.
Technical details of the actual protocol design
are available from this site.
- Attackers have complete knowledge of the protocol.
- Attackers have access to a large dictionary of commonly used passwords.
- Attackers can eavesdrop on all communications between client and server.
- Attackers can intercept, modify, and forge arbitrary messages between client and server.
- A mutually trusted third party is not available.
SRP is available to commercial and non-commercial users under a
The Internet played a significant role in SRP's early development;
without it, SRP would not have received anywhere near the amount of
analysis and feedback that it has gotten since it was first proposed
It is thus fitting that the Internet at large can benefit from the
fruits of this endeavor.
Since SRP is specifically designed to work around existing patents in the area, it gives
everybody access to strong, unencumbered password authentication
technology that can be put to a wide variety of uses.
The SRP distribution is available under Open Source-friendly licensing terms
(for the net.savvy reader, it's a "BSD-style" license).
More information about the SRP project
is available at this site, and a reference
implementation, which includes versions of Telnet and FTP that
incorporate SRP support, can be downloaded as well.
The links page has pointers to
a wide range of projects and products, both commercial and non-commercial,
that use SRP, as well as related work and papers that cover strong password