The Secure Remote Password protocol is the core technology behind the Stanford SRP Authentication Project. The Project is an Open Source initiative that integrates secure password authentication into existing networking applications.
The Project's primary purpose is to improve password security by making strong password authentication technology a standard part of deployed real-world systems. This is accomplished by making this technology an easy-to-use, hassle-free alternative to weak and vulnerable legacy password authentication schemes. SRP makes these objectives possible because it offers a unique combination of password security, user convenience, and freedom from restrictive licenses.
This site serves as the semi-official home of the SRP distribution, which contains secure versions of Telnet and FTP. In addition, it contains links to a number of SRP-related projects, products (both commercial and non-commercial), and research on the Web.
SRP is a secure password-based authentication and key-exchange protocol. It authenticates clients to servers securely in cases where the user of the client software must memorize a small secret (like a password) and carries no other secret information. The server holds a verifier for each user, which allows it to authenticate the client but which, if compromised, would not allow the attacker to impersonate the client. In addition, SRP exchanges a cryptographically strong secret as a byproduct of successful authentication, which enables the two parties to communicate securely.
What's New in This Release:
· (telnet) Security fixes for vulnerabilities:
  · CAN-2005-0468 Multiple Telnet Client env_opt_add() Buffer Overflow Vulnerability
  · CAN-2005-0469 Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability
· (libsrp) Change default group parameter test strategy to accept only parameters on the built-in list. Fix originally suggested by Bodo Moeller, University of Calgary.
· (libsrp) Fixed bug in BigIntegerCmpInt when built against OpenSSL.
· (telnet) Use header file to declare errno when available.
· (all) Added support for GNU crypto (gcrypt).
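The verifier-based exchange described above, together with the built-in-list group check from the libsrp release note, as an added sketch; it is not code from the SRP distribution or libsrp. It assumes the published SRP-6a equations, a simplified hash encoding that is not wire-compatible with any implementation, and a constructed demo group; all function names are hypothetical.

```python
import hashlib, secrets

# Constructed demo group: 2**127 - 1 is prime but far too small and not a safe
# prime; it only stands in for an entry on a client's built-in list.
BUILTIN_GROUPS = {(2**127 - 1, 3)}

def H(*parts):
    """SHA-256 over length-prefixed parts (bytes or ints), returned as an int."""
    h = hashlib.sha256()
    for p in parts:
        b = p if isinstance(p, bytes) else p.to_bytes((p.bit_length() + 7) // 8 or 1, "big")
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big")

def make_verifier(N, g, user, password, salt):
    """Enrollment: the server stores (salt, v) and never the password."""
    x = H(salt, H(user + b":" + password))
    return pow(g, x, N)

def client_key(N, g, user, password, salt, a, B):
    if (N, g) not in BUILTIN_GROUPS:   # accept only parameters on the built-in list
        raise ValueError("group not on built-in list")
    if B % N == 0:
        raise ValueError("illegal B")
    A = pow(g, a, N)
    k, u = H(N, g), H(A, B)
    x = H(salt, H(user + b":" + password))  # needs the password; v alone is not enough
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    return H(S)

def server_key(N, g, v, A, b, B):
    if A % N == 0:                     # A = 0 would force the shared secret to 0
        raise ValueError("illegal A")
    u = H(A, B)
    return H(pow(A * pow(v, u, N) % N, b, N))

def run_exchange(enrolled_pw, typed_pw, group=(2**127 - 1, 3)):
    """Run both sides in-process; return (client session key, server session key)."""
    N, g = group
    user, salt = b"alice", secrets.token_bytes(16)  # constructed sample account
    v = make_verifier(N, g, user, enrolled_pw, salt)
    a, b = secrets.randbelow(N - 2) + 1, secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)
    B = (H(N, g) * v + pow(g, b, N)) % N
    return client_key(N, g, user, typed_pw, salt, a, B), server_key(N, g, v, A, b, B)
```

The two keys match only when the typed password equals the enrolled one, and the client refuses any group the server proposes that is not on its list.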