SRP Documentation

Discussion

• What does SRP do?
• Three Important Issues in Password Authentication
  
  • Dictionary Attacks
  • Plaintext-Equivalence
  • Forward Secrecy
• A Brief History of Password Authentication
  
  • Weak and Obsolete Authentication
  • Stronger Authentication
  • Inconvenient Authentication
• SRP Protocol Summary
• Advantages of SRP (or: How does SRP fit in?)
  
  • Security Advantages
  • Technical Advantages
  • Political Advantages
• The Case for Moving to SRP (or: Why should I care?)
• What about smart cards/SecurID/two-factor systems?
  
  • Common Myths Debunked
  • A Proposal for PIN handling in smart cards
• Download slides from my NDSS'98 talk (PostScript)
• The Stanford Telnet/FTP distribution
• Humor: Unsuccessful Acronym Ideas

Abstract: This paper presents a new password authentication and key-exchange protocol suitable for authenticating users and exchanging keys over an untrusted network. The new protocol resists dictionary attacks mounted by either passive or active network intruders, allowing, in principle, even weak passphrases to be used safely. It also offers perfect forward secrecy, which protects past sessions and passwords against future compromises. Finally, user passwords are stored in a form that is not plaintext-equivalent to the password itself, so an attacker who captures the password database cannot use it directly to compromise security and gain immediate access to the host. This new protocol combines techniques of zero-knowledge proofs with asymmetric key exchange protocols and offers significantly improved performance over comparably strong extended methods that resist stolen-verifier attacks such as Augmented EKE or B-SPEKE.

View the paper in HTML or PostScript.

draft-wu-srp-auth-01.txt

An Internet-Draft describing the SRP authentication mechanism in detail.

draft-wu-telnet-auth-srp-01.txt

A full description of the Telnet Authentication Option for SRP, based on RFC 1416, Telnet Authentication.

Other