The Stanford SRP Authentication Project's fundamental technology is the Secure Remote Password protocol.
The unique combination of password security, user convenience, and license freedom make SRP an excellent choice for deploying secure real-world systems. The semi-official home of the SRP distribution, this site includes links to a range of SRP-related projects, products (both commercial and non-commercial), and research.
Secure password-based authentication and key-exchange protocol, SRP addresses the problem of authenticating clients securely to servers. Specifically, in cases where the client software user memorizes a small secret like a password and carries no other secret information, and the server carries a verifier for each user, allowing it to authenticate the client. SRP exchanges a cryptographically-strong secret as a result of successful authentication, enabling secure communication between the parties.
The updated release includes a range of security fixes for vulnerabilities in Telnet clients, including multiple Telnet Client env_opt_add() and slc_add_reply() buffer overflow vulnerabilities. The default group parameter test strategy now accepts only parameters on the built-in list, addressing an issue originally suggested by Bodo Moeller, University of Calgary. Finally, support for GNU crypto (gcrypt) is now available.
Version 2.1.1: N/A