References and Links

[HA94]

N. Haller and R. Atkinson, "On Internet Authentication", RFC 1704, Naval Research Laboratory, October 1994.

[Jablon96]

D. Jablon, "Strong Password-Only Authenticated Key Exchange", ACM Computer Communications Review, October 1996.

[BM89]

S. M. Bellovin and M. Merritt, "Limitations of the Kerberos Authentication System", Proceedings of the 1991 USENIX Conference, Dallas, TX 1991.

[BM92]

S. M. Bellovin and M. Merritt, "Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks", Proceedings of the 1992 IEEE Computer Society Conference on Research in Security and Privacy, May 1992.

[BM94]

S. M. Bellovin and M. Merritt, "Augmented Encrypted Key Exchange: a Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise", AT&T Bell Laboratories (c. 1994).

[STW95]

M. Steiner, G. Tsudik, and M. Waidner, "Refinement and Extension of Encrypted Key Exchange", ACM Operating Systems Review, Vol. 29, No. 3, July 1995.

[DS81]

D. Denning and G. Sacco, "Timestamps in Key Distribution Systems", Communications of the ACM, August 1981.

[Sch96]

B. Schneier, "Applied Cryptography", 2nd ed., John Wiley & Sons, 1996.

SRP on the Net

• The Java Telnet Applet
• The Kermit Project
• TeraTERM
• NiftyTelnet
• CyberSAFE (Kerberos vendor)

Other Crypto Resources

• Peter Gutmann's Security and Encryption Links
• Tom Dunigan's Security Page
• Neil's Security and Privacy Resources