KBTAG: kben10000137
URL: http://www.securityportal.com/lskb/10000100/kben10000137.html
Date created: 07/08/2000
Date modified: 10/08/2000
Date removed:
Authors(s): Tom Wu tom@arcot.com
Topic: Stanford Remote authentication Protocol
(SRP)
Keywords: Network/Telnet
The Secure Remote Password (SRP) protocol improves upon older generations of authentication mechanisms. It is a secure password-based authentication and key-exchange protocol that resists both passive and active network attacks, including brute-force attacks against poorly-chosen passwords and MITM (man-in-the-middle) attacks, without depending on previously-exchanged host keys. SRP is unencumbered and freely available for commercial and non-commercial use worldwide.
SRP is a strong zero-knowledge password authentication and key-exchange protocol, which was presented and published at the 1998 NDSS Symposium (http://srp.stanford.edu/ndss.html). It is designed to authenticate a user without his password leaving the client computer, and it is immune to both eavesdropping and active (man-in-the-middle) attacks. Since the user's password is never revealed, even to the server, there is no way for a trojaned server to capture passwords, and there is no way to trick a user into revealing his password to someone spoofing a server. Since this security does not depend on the client knowing the server's host key in advance, users are not required to keep track of host key fingerprints, and they are protected even the first time a client connects to a new server.
The SRP Telnet distribution also has support for START_TLS session security, which provides both data confidentiality and session integrity protection via the SSL/TLS transport security mechanisms, and it supports X11 session forwarding. Both commercial and non-commercial clients and servers are available for a variety of platforms, including Windows. The standard SRP mechanism is specified in RFC2945, and the SRP Telnet protocol is specified in RFC2944. SRP has been formally proposed for inclusion into other existing authentication frameworks, including SASL, PPP, and TLS itself. See http://srp.stanford.edu/ for more information.