The Stanford SRP Authentication Project

The Secure Remote Password protocol is the core technology behind the Stanford SRP Authentication Project. The Project is an Open Source initiative that integrates secure password authentication into new and existing networked applications.

The Project's primary purpose is to improve password security by making strong password authentication technology a standard part of deployed real-world systems. This is accomplished by making this technology an easy-to-use, hassle-free alternative to weak and vulnerable legacy password authentication schemes. SRP makes these objectives possible because it offers a unique combination of password security, user convenience, and freedom from restrictive licenses.

This site serves as the semi-official home of the SRP distribution, which contains secure versions of Telnet and FTP. In addition, it contains links to a number of SRP-related projects, products (both commercial and non-commercial), and research on the Web.

[NEW] (4/5/2007) Version 2.1.2 is now available. This release contains a fix for a Telnet server vulnerability. Upgrading is highly recommended for anyone running the Telnet server.

Documentation - Learn more about the technology
Demo - See a JavaScript-based demo of SRP in your browser, now with support for the latest SRP-6a protocol.
Download - Source code, API libraries; includes secure Telnet and FTP
- Binary Distributions
- Mirrors
Research Sponsorship Information
References
Links - SRP enabled products, crypto resources

Please direct all comments, questions, and suggestions to Tom Wu (tjw@cs.Stanford.EDU).