SRP: Industry-Standard Strong Password Security
The Stanford SRP Homepage
The Secure Remote Password protocol performs secure remote authentication of short human-memorizable passwords and resists both passive and active network attacks. Because SRP offers this unique combination of password security, user convenience, and freedom from restrictive licenses, it is the most widely standardized protocol of its type, and as a result is being used by organizations both large and small, commercial and open-source, to secure nearly every type of human-authenticated network traffic on a variety of computing platforms.
This site serves as a clearinghouse of information about SRP, including links to software and tools that make it easy to integrate SRP authentication into your products. Since the number of such projects has grown so rapidly in the last few years, this site cannot maintain an exhaustive list, but will instead focus on important and critical projects in representative categories.
The SRP ciphersuites have become established as the solution for secure mutual password authentication in SSL/TLS, solving the common problem of establishing a secure communications session based on a human-memorized password in a way that is cryptographically sound, standardized, peer-reviewed, and has multiple interoperating implementations. As with any crypto primitive, it is almost always better to reuse an existing well-tested package than to start from scratch.
- Documentation - Learn more about the technology
- Demo - See a JavaScript-based demo of SRP in your browser, now with support for the latest SRP-6a protocol.
- Download - Source code, API libraries; includes patches for TLS-SRP support in OpenSSL
- References
- Links - third-party SRP and SRP-TLS implementations, and other Web resources
Please direct all comments, questions, and suggestions to Tom Wu (tjw@cs.Stanford.EDU).