Secure Remote Password Protocol is described in several RFCs:
- RFC 2944 - Telnet Authentication; SRP
- RFC 2945 - The SRP Authentication and Key Exchange System
- RFC 5054 - Using the Secure Remote Password (SRP) Protocol for TLS Authentication
Like all PAKE protocols, an eavesdropper or man in the middle cannot obtain enough information to be able to brute force guess a password without further interactions with the parties for each guess. This means that strong security can be obtained using weak passwords. Furthermore, being an augmented PAKE protocol, the server does not store password-equivalent data. This means that an attacker who steals the server data cannot masquerade as the client unless they first perform a brute force search for the password.
More Information#There might be more information for this subject on one of the following:
- The SRP Authentication and Key Exchange System
- Using the Secure Remote Password (SRP) Protocol for TLS Authentication