doc.html
bafd087f5cd06dd23d2824c674a220246331f5dfb1f5bf0e2e864766828a787d
<html>
<head>
<title>SRP: Documentation</title>
</head>
<body fgcolor="#000000" bgcolor="#FFFFFF">
<h1>SRP Documentation</h1>
<h2>Discussion</h2>
<ul>
<li><a href="srpdo.html">What does SRP do?</a>
<li><a href="issues.html">Three Important Issues in Password Authentication</a>
<br><ul>
<li><a href="issues.html#dictionary">Dictionary Attacks</a>
<li><a href="issues.html#plainequiv">Plaintext-Equivalence</a>
<li><a href="issues.html#forwsecrecy">Forward Secrecy</a>
</ul>
<li><a href="history.html">A Brief History of Password Authentication</a>
<br><ul>
<li><a href="history.html#weak">Weak and Obsolete Authentication</a>
<li><a href="history.html#stronger">Stronger Authentication</a>
<li><a href="history.html#inconvenient">Inconvenient Authentication</a>
</ul>
<li><a href="design.html">SRP Protocol Summary</a>
<li><a href="advantages.html">Advantages of SRP</a> (or: How does SRP fit in?)
<br><ul>
<li><a href="advantages.html#security">Security Advantages</a>
<li><a href="advantages.html#technical">Technical Advantages</a>
<li><a href="advantages.html#political">Political Advantages</a>
</ul>
<li><a href="motivation.html">The Case for Moving to SRP</a>
(or: Why should I care?)
<li><a href="others.html">What about smart cards/SecurID/two-factor systems?</a>
<br><ul>
<li><a href="others.html#myths">Common Myths Debunked</a>
<li><a href="others.html#PIN">A Proposal for PIN handling in smart cards</a>
</ul>
<li><a href="ndss98s.ps">Download slides from my NDSS'98 talk (PostScript)</a>
<li><a href="telnet.html">The Stanford Telnet/FTP distribution</a>
<li><a href="names.html">Humor: Unsuccessful Acronym Ideas</a>
</ul>
<hr>
<a name="papers"><h2>Publications</h2></a>
<a href="http://www-cs-students.stanford.edu/~tjw/">T. Wu</a>,
<u>The Secure Remote Password Protocol</u>, in Proceedings of
the 1998 Internet Society Network and Distributed System Security
Symposium, San Diego, CA, Mar 1998, pp. 97-111.
<p>
<b>Abstract:</b>
This paper presents a new password authentication and key-exchange protocol
suitable for authenticating users and exchanging keys over an untrusted
network.
The new protocol resists dictionary attacks mounted by either passive or
active network intruders, allowing, in principle, even weak passphrases to be
used safely.
It also offers perfect forward secrecy, which protects past sessions and
passwords against future compromises.
Finally, user passwords are stored in a form that is not plaintext-equivalent
to the password itself, so an attacker who captures the password database
cannot use it directly to compromise security and gain immediate access to the
host.
This new protocol combines techniques of zero-knowledge proofs with asymmetric
key exchange protocols and offers significantly improved performance over
comparably strong extended methods that resist stolen-verifier attacks such as
Augmented EKE or B-SPEKE.
<p>
<a href="ndss.html"><img src="images/eye_bullet.gif" border=0></a> View the paper in <a href="ndss.html">HTML</a> or
<a href="ftp://srp.stanford.edu/pub/srp/srp.ps">PostScript</a>.
<p>
<hr>
<a name="drafts"><h2>Internet-Drafts</h2></a>
<dl>
<dt><a href="ftp://ietf.org/internet-drafts/draft-wu-srp-auth-02.txt">draft-wu-srp-auth-01.txt</a>
<dd>An Internet-Draft describing the SRP authentication
mechanism in detail.
<dt><a href="ftp://ietf.org/internet-drafts/draft-wu-telnet-auth-srp-02.txt">draft-wu-telnet-auth-srp-01.txt</a>
<dd>A full description of the Telnet Authentication Option
for SRP, based on RFC 1416, Telnet Authentication.
</dl>
<hr>
<h2>Other</h2>
View the <a href="http://grouper.ieee.org/groups/1363/addendum.html">contributions</a>
submitted to the
<a href="http://grouper.ieee.org/groups/1363/">IEEE P1363 Working Group</a>.
<p>
<hr>
<a href="index.html">Back</a>
</body>
</html>