Overview[1]#
Secure Remote Password Protocol (SRP) performs secure remote authentication of short human-memorizable passwords and resists both passive and active network attacks.Secure Remote Password Protocol is a three-rond Password-authenticated Key Agreement (PAKE) protocolSecure Remote Password Protocol is described in several RFCs:- RFC 2944 - Telnet Authentication; SRP
- RFC 2945 - The SRP Authentication and Key Exchange System
- RFC 5054 - Using the Secure Remote Password (SRP) Protocol for TLS Authentication
Secure Remote Password Protocol is an augmented Password-authenticated Key Agreement (PAKE) protocol, specifically designed to work around existing patents.
Secure Remote Password Protocol is a password-based is an Authentication Method that offers a Zero-knowledge proof from the protocol Client to the protocol Server.
Like all PAKE protocols, an eavesdropper or man in the middle cannot obtain enough information to be able to brute force guess a password without further interactions with the parties for each guess. This means that strong security can be obtained using weak passwords. Furthermore, being an augmented PAKE protocol, the server does not store password-equivalent data. This means that an attacker who steals the server data cannot masquerade as the client unless they first perform a brute force search for the password.
Secure Remote Password Protocol has some at last perceived issues with Patents.[2]
More Information#
There might be more information for this subject on one of the following:- SRP
- The SRP Authentication and Key Exchange System
- Using the Secure Remote Password (SRP) Protocol for TLS Authentication
- [#1] - The Stanford SRP Homepage
- based on information obtained 2016-06-05
- [#2] - Why is SRP not widely used? - based on information obtained 2018-10-21-