!!! Overview[1]
[{$pagename}] ([SRP]) performs secure remote authentication of short human-memorizable passwords and resists both passive and active network attacks.[{$pagename}] is a three-rond [Password-authenticated Key Agreement] ([PAKE]) [protocol][{$pagename}] is described in several RFCs:
* [RFC 2944] - [Telnet Authentication; SRP]
* [RFC 2945] - [The SRP Authentication and Key Exchange System]
* [RFC 5054] - [Using the Secure Remote Password (SRP) Protocol for TLS Authentication]

[{$pagename}] is an augmented [Password-authenticated Key Agreement] ([PAKE]) protocol, specifically designed to work around existing patents.

[{$pagename}] is a [password-based] is an [Authentication Method] that offers a [Zero-knowledge proof] from the [protocol Client] to the [protocol Server].

Like all PAKE protocols, an eavesdropper or man in the middle cannot obtain enough information to be able to brute force guess a password without further interactions with the parties for each guess. This means that strong security can be obtained using weak passwords. Furthermore, being an augmented PAKE protocol, the server does not store password-equivalent data. This means that an attacker who steals the server data cannot masquerade as the client unless they first perform a brute force search for the password.

[{$pagename}] has some at last perceived issues with [Patents].[2]

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [The Stanford SRP Homepage|http://srp.stanford.edu//|target='_blank'] - based on information obtained 2016-06-05
* [#2] - [Why is SRP not widely used?|https://crypto.stackexchange.com/questions/8245/why-is-srp-not-widely-used|target='_blank'] - based on information obtained 2018-10-21-