RFC 2945 (rfc2945) - Page 1 of 8


The SRP Authentication and Key Exchange System



Alternative Format: Original Text Document



Network Working Group                                              T. Wu
Request for Comments: 2945                           Stanford University
Category: Standards Track                                 September 2000


             The SRP Authentication and Key Exchange System

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   This document describes a cryptographically strong network
   authentication mechanism known as the Secure Remote Password (SRP)
   protocol.  This mechanism is suitable for negotiating secure
   connections using a user-supplied password, while eliminating the
   security problems traditionally associated with reusable passwords.
   This system also performs a secure key exchange in the process of
   authentication, allowing security layers (privacy and/or integrity
   protection) to be enabled during the session.  Trusted key servers
   and certificate infrastructures are not required, and clients are not
   required to store or manage any long-term keys.  SRP offers both
   security and deployment advantages over existing challenge-response
   techniques, making it an ideal drop-in replacement where secure
   password authentication is needed.

1. Introduction

   The lack of a secure authentication mechanism that is also easy to
   use has been a long-standing problem with the vast majority of
   Internet protocols currently in use.  The problem is two-fold: Users
   like to use passwords that they can remember, but most password-based
   authentication systems offer little protection against even passive
   attackers, especially if weak and easily-guessed passwords are used.

   Eavesdropping on a TCP/IP network can be carried out very easily and
   very effectively against protocols that transmit passwords in the
   clear.  Even so-called "challenge-response" techniques like the one
   described in [RFC 2095] and [RFC 1760], which are designed to defeat



Wu                          Standards Track