RFC 2945 (rfc2945) - Page 1 of 8
The SRP Authentication and Key Exchange System
Alternative Format: Original Text Document
Network Working Group T. Wu
Request for Comments: 2945 Stanford University
Category: Standards Track September 2000
The SRP Authentication and Key Exchange System
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
This document describes a cryptographically strong network
authentication mechanism known as the Secure Remote Password (SRP)
protocol. This mechanism is suitable for negotiating secure
connections using a user-supplied password, while eliminating the
security problems traditionally associated with reusable passwords.
This system also performs a secure key exchange in the process of
authentication, allowing security layers (privacy and/or integrity
protection) to be enabled during the session. Trusted key servers
and certificate infrastructures are not required, and clients are not
required to store or manage any long-term keys. SRP offers both
security and deployment advantages over existing challenge-response
techniques, making it an ideal drop-in replacement where secure
password authentication is needed.
1. Introduction
The lack of a secure authentication mechanism that is also easy to
use has been a long-standing problem with the vast majority of
Internet protocols currently in use. The problem is two-fold: Users
like to use passwords that they can remember, but most password-based
authentication systems offer little protection against even passive
attackers, especially if weak and easily-guessed passwords are used.
Eavesdropping on a TCP/IP network can be carried out very easily and
very effectively against protocols that transmit passwords in the
clear. Even so-called "challenge-response" techniques like the one
described in [RFC 2095] and [RFC 1760], which are designed to defeat
Wu Standards Track