What is SRP?

SRP is a secure password-based authentication and key-exchange protocol. It solves the problem of authenticating clients to servers securely, in cases where the user of the client software must memorize a small secret (like a password) and carries no other secret information, and where the server carries a verifier for each user, which allows it to authenticate the client but which, if compromised, would not allow the attacker to impersonate the client. In addition, SRP exchanges a cryptographically-strong secret as a byproduct of successful authentication, which enables the two parties to communicate securely.

Many password authentication solutions claim to solve this exact problem, and new ones are constantly being proposed. Although one can claim security by devising a protocol that avoids sending the plaintext password unencrypted, it is much more difficult to devise a protocol that remains secure when:

Attackers have complete knowledge of the protocol.
Attackers have access to a large dictionary of commonly used passwords.
Attackers can eavesdrop on all communications between client and server.
Attackers can intercept, modify, and forge arbitrary messages between client and server.
A mutually trusted third party is not available.

The idea behind SRP first appeared on USENET in late 1996, and subsequent discussion led to refined proposals in 1997 to address these security properties. This lead to the development of one of the variants of the protocol still in use today, known as SRP-3, which was published in 1998 after several rounds of discussion and refinement on cryptography-related newsgroups and mailing lists, and has withstood considerable public analysis and scrutiny since then. The technology evolved into a newer variant known as SRP-6, which maintains the security of SRP-3 but has refinements that make it more flexible and easier to incorporate into existing systems. Technical details of the actual protocol design are available from this site.

SRP is available to commercial and non-commercial users under a royalty-free license. The Internet played a significant role in SRP's early development; without it, SRP would not have received anywhere near the amount of analysis and feedback that it has gotten since it was first proposed and refined. It is thus fitting that the Internet at large can benefit from the fruits of this endeavor. Since SRP is specifically designed to work around existing patents in the area, it gives everybody access to strong, unencumbered password authentication technology that can be put to a wide variety of uses.

The SRP distribution is available under Open Source-friendly licensing terms (for the net.savvy reader, it's a "BSD-style" license). More information about the SRP project is available at this site, and a reference implementation, which includes versions of Telnet and FTP that incorporate SRP support, can be downloaded as well. The links page has pointers to a wide range of projects and products, both commercial and non-commercial, that use SRP, as well as related work and papers that cover strong password authentication.

Back