CINXE.COM

<!DOCTYPE html> <html class="client-nojs vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available" lang="en" dir="ltr"> <head> <meta charset="UTF-8"> <title>Secure Remote Password protocol - Wikipedia</title> <script>(function(){var className="client-js vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available";var cookie=document.cookie.match(/(?:^|; )enwikimwclientpreferences=([^;]+)/);if(cookie){cookie[1].split('%2C').forEach(function(pref){className=className.replace(new RegExp('(^| )'+pref.replace(/-clientpref-\w+$|[^\w-]+/g,'')+'-clientpref-\\w+( |$)'),'$1'+pref+'$2');});}document.documentElement.className=className;}());RLCONF={"wgBreakFrames":false,"wgSeparatorTransformTable":["",""],"wgDigitTransformTable":["",""],"wgDefaultDateFormat":"dmy", "wgMonthNames":["","January","February","March","April","May","June","July","August","September","October","November","December"],"wgRequestId":"94da1df9-fac6-451d-a7df-ae727426ab47","wgCanonicalNamespace":"","wgCanonicalSpecialPageName":false,"wgNamespaceNumber":0,"wgPageName":"Secure_Remote_Password_protocol","wgTitle":"Secure Remote Password protocol","wgCurRevisionId":1253658640,"wgRevisionId":1253658640,"wgArticleId":1306670,"wgIsArticle":true,"wgIsRedirect":false,"wgAction":"view","wgUserName":null,"wgUserGroups":["*"],"wgCategories":["Articles with short description","Short description is different from Wikidata","Wikipedia articles needing clarification from February 2014","Key-agreement protocols","Password authentication"],"wgPageViewLanguage":"en","wgPageContentLanguage":"en","wgPageContentModel":"wikitext","wgRelevantPageName":"Secure_Remote_Password_protocol","wgRelevantArticleId":1306670,"wgIsProbablyEditable":true,"wgRelevantPageIsProbablyEditable":true, "wgRestrictionEdit":[],"wgRestrictionMove":[],"wgNoticeProject":"wikipedia","wgCiteReferencePreviewsActive":false,"wgFlaggedRevsParams":{"tags":{"status":{"levels":1}}},"wgMediaViewerOnClick":true,"wgMediaViewerEnabledByDefault":true,"wgPopupsFlags":0,"wgVisualEditor":{"pageLanguageCode":"en","pageLanguageDir":"ltr","pageVariantFallbacks":"en"},"wgMFDisplayWikibaseDescriptions":{"search":true,"watchlist":true,"tagline":false,"nearby":true},"wgWMESchemaEditAttemptStepOversample":false,"wgWMEPageLength":30000,"wgRelatedArticlesCompat":[],"wgCentralAuthMobileDomain":false,"wgEditSubmitButtonLabelPublish":true,"wgULSPosition":"interlanguage","wgULSisCompactLinksEnabled":false,"wgVector2022LanguageInHeader":true,"wgULSisLanguageSelectorEmpty":false,"wgWikibaseItemId":"Q576988","wgCheckUserClientHintsHeadersJsApi":["brands","architecture","bitness","fullVersionList","mobile","model","platform","platformVersion"],"GEHomepageSuggestedEditsEnableTopics":true,"wgGETopicsMatchModeEnabled":false, "wgGEStructuredTaskRejectionReasonTextInputEnabled":false,"wgGELevelingUpEnabledForUser":false};RLSTATE={"ext.globalCssJs.user.styles":"ready","site.styles":"ready","user.styles":"ready","ext.globalCssJs.user":"ready","user":"ready","user.options":"loading","ext.cite.styles":"ready","ext.math.styles":"ready","ext.pygments":"ready","skins.vector.search.codex.styles":"ready","skins.vector.styles":"ready","skins.vector.icons":"ready","jquery.makeCollapsible.styles":"ready","ext.wikimediamessages.styles":"ready","ext.visualEditor.desktopArticleTarget.noscript":"ready","ext.uls.interlanguage":"ready","wikibase.client.init":"ready","ext.wikimediaBadges":"ready"};RLPAGEMODULES=["ext.cite.ux-enhancements","ext.pygments.view","site","mediawiki.page.ready","jquery.makeCollapsible","mediawiki.toc","skins.vector.js","ext.centralNotice.geoIP","ext.centralNotice.startUp","ext.gadget.ReferenceTooltips","ext.gadget.switcher","ext.urlShortener.toolbar","ext.centralauth.centralautologin","mmv.bootstrap" ,"ext.popups","ext.visualEditor.desktopArticleTarget.init","ext.visualEditor.targetLoader","ext.echo.centralauth","ext.eventLogging","ext.wikimediaEvents","ext.navigationTiming","ext.uls.interface","ext.cx.eventlogging.campaigns","ext.cx.uls.quick.actions","wikibase.client.vector-2022","ext.checkUser.clientHints","ext.growthExperiments.SuggestedEditSession","wikibase.sidebar.tracking"];</script> <script>(RLQ=window.RLQ||[]).push(function(){mw.loader.impl(function(){return["user.options@12s5i",function($,jQuery,require,module){mw.user.tokens.set({"patrolToken":"+\\","watchToken":"+\\","csrfToken":"+\\"}); }];});});</script> <link rel="stylesheet" href="/w/load.php?lang=en&modules=ext.cite.styles%7Cext.math.styles%7Cext.pygments%2CwikimediaBadges%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediamessages.styles%7Cjquery.makeCollapsible.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&only=styles&skin=vector-2022"> <script async="" src="/w/load.php?lang=en&modules=startup&only=scripts&raw=1&skin=vector-2022"></script> <meta name="ResourceLoaderDynamicStyles" content=""> <link rel="stylesheet" href="/w/load.php?lang=en&modules=site.styles&only=styles&skin=vector-2022"> <meta name="generator" content="MediaWiki 1.44.0-wmf.4"> <meta name="referrer" content="origin"> <meta name="referrer" content="origin-when-cross-origin"> <meta name="robots" content="max-image-preview:standard"> <meta name="format-detection" content="telephone=no"> <meta name="viewport" content="width=1120"> <meta property="og:title" content="Secure Remote Password protocol - Wikipedia"> <meta property="og:type" content="website"> <link rel="preconnect" href="//upload.wikimedia.org"> <link rel="alternate" media="only screen and (max-width: 640px)" href="//en.m.wikipedia.org/wiki/Secure_Remote_Password_protocol"> <link rel="alternate" type="application/x-wiki" title="Edit this page" href="/w/index.php?title=Secure_Remote_Password_protocol&action=edit"> <link rel="apple-touch-icon" href="/static/apple-touch/wikipedia.png"> <link rel="icon" href="/static/favicon/wikipedia.ico"> <link rel="search" type="application/opensearchdescription+xml" href="/w/rest.php/v1/search" title="Wikipedia (en)"> <link rel="EditURI" type="application/rsd+xml" href="//en.wikipedia.org/w/api.php?action=rsd"> <link rel="canonical" href="https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol"> <link rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/deed.en"> <link rel="alternate" type="application/atom+xml" title="Wikipedia Atom feed" href="/w/index.php?title=Special:RecentChanges&feed=atom"> <link rel="dns-prefetch" href="//meta.wikimedia.org" /> <link rel="dns-prefetch" href="//login.wikimedia.org"> </head> <body class="skin--responsive skin-vector skin-vector-search-vue mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject mw-editable page-Secure_Remote_Password_protocol rootpage-Secure_Remote_Password_protocol skin-vector-2022 action-view"><a class="mw-jump-link" href="#bodyContent">Jump to content</a> <div class="vector-header-container"> <header class="vector-header mw-header"> <div class="vector-header-start"> <nav class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-dropdown" class="vector-dropdown vector-main-menu-dropdown vector-button-flush-left vector-button-flush-right" > <input type="checkbox" id="vector-main-menu-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-main-menu-dropdown" class="vector-dropdown-checkbox " aria-label="Main menu" > <label id="vector-main-menu-dropdown-label" for="vector-main-menu-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" > Main menu </label> <div class="vector-dropdown-content"> <div id="vector-main-menu-unpinned-container" class="vector-unpinned-container"> <div id="vector-main-menu" class="vector-main-menu vector-pinnable-element"> <div class="vector-pinnable-header vector-main-menu-pinnable-header vector-pinnable-header-unpinned" data-feature-name="main-menu-pinned" data-pinnable-element-id="vector-main-menu" data-pinned-container-id="vector-main-menu-pinned-container" data-unpinned-container-id="vector-main-menu-unpinned-container" > <div class="vector-pinnable-header-label">Main menu</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-main-menu.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-main-menu.unpin">hide</button> </div> <div id="p-navigation" class="vector-menu mw-portlet mw-portlet-navigation" > <div class="vector-menu-heading"> Navigation </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-mainpage-description" class="mw-list-item"><a href="/wiki/Main_Page" title="Visit the main page [z]" accesskey="z">Main page</a></li><li id="n-contents" class="mw-list-item"><a href="/wiki/Wikipedia:Contents" title="Guides to browsing Wikipedia">Contents</a></li><li id="n-currentevents" class="mw-list-item"><a href="/wiki/Portal:Current_events" title="Articles related to current events">Current events</a></li><li id="n-randompage" class="mw-list-item"><a href="/wiki/Special:Random" title="Visit a randomly selected article [x]" accesskey="x">Random article</a></li><li id="n-aboutsite" class="mw-list-item"><a href="/wiki/Wikipedia:About" title="Learn about Wikipedia and how it works">About Wikipedia</a></li><li id="n-contactpage" class="mw-list-item"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us" title="How to contact Wikipedia">Contact us</a></li> </ul> </div> </div> <div id="p-interaction" class="vector-menu mw-portlet mw-portlet-interaction" > <div class="vector-menu-heading"> Contribute </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-help" class="mw-list-item"><a href="/wiki/Help:Contents" title="Guidance on how to use and edit Wikipedia">Help</a></li><li id="n-introduction" class="mw-list-item"><a href="/wiki/Help:Introduction" title="Learn how to edit Wikipedia">Learn to edit</a></li><li id="n-portal" class="mw-list-item"><a href="/wiki/Wikipedia:Community_portal" title="The hub for editors">Community portal</a></li><li id="n-recentchanges" class="mw-list-item"><a href="/wiki/Special:RecentChanges" title="A list of recent changes to Wikipedia [r]" accesskey="r">Recent changes</a></li><li id="n-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_upload_wizard" title="Add images or other media for use on Wikipedia">Upload file</a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> <a href="/wiki/Main_Page" class="mw-logo"> <img class="mw-logo-icon" src="/static/images/icons/wikipedia.png" alt="" aria-hidden="true" height="50" width="50"> <img class="mw-logo-wordmark" alt="Wikipedia" src="/static/images/mobile/copyright/wikipedia-wordmark-en.svg" style="width: 7.5em; height: 1.125em;"> <img class="mw-logo-tagline" alt="The Free Encyclopedia" src="/static/images/mobile/copyright/wikipedia-tagline-en.svg" width="117" height="13" style="width: 7.3125em; height: 0.8125em;"> </a> </div> <div class="vector-header-end"> <div id="p-search" role="search" class="vector-search-box-vue vector-search-box-collapses vector-search-box-show-thumbnail vector-search-box-auto-expand-width vector-search-box"> <a href="/wiki/Special:Search" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only search-toggle" title="Search Wikipedia [f]" accesskey="f"> Search </a> <div class="vector-typeahead-search-container"> <div class="cdx-typeahead-search cdx-typeahead-search--show-thumbnail cdx-typeahead-search--auto-expand-width"> <form action="/w/index.php" id="searchform" class="cdx-search-input cdx-search-input--has-end-button"> <div id="simpleSearch" class="cdx-search-input__input-wrapper" data-search-loc="header-moved"> <div class="cdx-text-input cdx-text-input--has-start-icon"> <input class="cdx-text-input__input" type="search" name="search" placeholder="Search Wikipedia" aria-label="Search Wikipedia" autocapitalize="sentences" title="Search Wikipedia [f]" accesskey="f" id="searchInput" > </div> <input type="hidden" name="title" value="Special:Search"> </div> <button class="cdx-button cdx-search-input__end-button">Search</button> </form> </div> </div> </div> <nav class="vector-user-links vector-user-links-wide" aria-label="Personal tools"> <div class="vector-user-links-main"> <div id="p-vector-user-menu-preferences" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-userpage" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-dropdown" class="vector-dropdown " title="Change the appearance of the page's font size, width, and color" > <input type="checkbox" id="vector-appearance-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-appearance-dropdown" class="vector-dropdown-checkbox " aria-label="Appearance" > <label id="vector-appearance-dropdown-label" for="vector-appearance-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" > Appearance </label> <div class="vector-dropdown-content"> <div id="vector-appearance-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <div id="p-vector-user-menu-notifications" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-overflow" class="vector-menu mw-portlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="https://donate.wikimedia.org/wiki/Special:FundraiserRedirector?utm_source=donate&utm_medium=sidebar&utm_campaign=C13_en.wikipedia.org&uselang=en" class="">Donate</a> </li> <li id="pt-createaccount-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:CreateAccount&returnto=Secure+Remote+Password+protocol" title="You are encouraged to create an account and log in; however, it is not mandatory" class="">Create account</a> </li> <li id="pt-login-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:UserLogin&returnto=Secure+Remote+Password+protocol" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o" class="">Log in</a> </li> </ul> </div> </div> </div> <div id="vector-user-links-dropdown" class="vector-dropdown vector-user-menu vector-button-flush-right vector-user-menu-logged-out" title="Log in and more options" > <input type="checkbox" id="vector-user-links-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-user-links-dropdown" class="vector-dropdown-checkbox " aria-label="Personal tools" > <label id="vector-user-links-dropdown-label" for="vector-user-links-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" > Personal tools </label> <div class="vector-dropdown-content"> <div id="p-personal" class="vector-menu mw-portlet mw-portlet-personal user-links-collapsible-item" title="User menu" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport" class="user-links-collapsible-item mw-list-item"><a href="https://donate.wikimedia.org/wiki/Special:FundraiserRedirector?utm_source=donate&utm_medium=sidebar&utm_campaign=C13_en.wikipedia.org&uselang=en">Donate</a></li><li id="pt-createaccount" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:CreateAccount&returnto=Secure+Remote+Password+protocol" title="You are encouraged to create an account and log in; however, it is not mandatory"> Create account</a></li><li id="pt-login" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:UserLogin&returnto=Secure+Remote+Password+protocol" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o"> Log in</a></li> </ul> </div> </div> <div id="p-user-menu-anon-editor" class="vector-menu mw-portlet mw-portlet-user-menu-anon-editor" > <div class="vector-menu-heading"> Pages for logged out editors <a href="/wiki/Help:Introduction" aria-label="Learn more about editing">learn more</a> </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-anoncontribs" class="mw-list-item"><a href="/wiki/Special:MyContributions" title="A list of edits made from this IP address [y]" accesskey="y">Contributions</a></li><li id="pt-anontalk" class="mw-list-item"><a href="/wiki/Special:MyTalk" title="Discussion about edits from this IP address [n]" accesskey="n">Talk</a></li> </ul> </div> </div> </div> </div> </nav> </div> </header> </div> <div class="mw-page-container"> <div class="mw-page-container-inner"> <div class="vector-sitenotice-container"> <div id="siteNotice"></div> </div> <div class="vector-column-start"> <div class="vector-main-menu-container"> <div id="mw-navigation"> <nav id="mw-panel" class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-pinned-container" class="vector-pinned-container"> </div> </nav> </div> </div> <div class="vector-sticky-pinned-container"> <nav id="mw-panel-toc" aria-label="Contents" data-event-name="ui.sidebar-toc" class="mw-table-of-contents-container vector-toc-landmark"> <div id="vector-toc-pinned-container" class="vector-pinned-container"> <div id="vector-toc" class="vector-toc vector-pinnable-element"> <div class="vector-pinnable-header vector-toc-pinnable-header vector-pinnable-header-pinned" data-feature-name="toc-pinned" data-pinnable-element-id="vector-toc" > <h2 class="vector-pinnable-header-label">Contents</h2> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-toc.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-toc.unpin">hide</button> </div> <ul class="vector-toc-contents" id="mw-panel-toc-list"> <li id="toc-mw-content-text" class="vector-toc-list-item vector-toc-level-1"> <a href="#" class="vector-toc-link"> <div class="vector-toc-text">(Top)</div> </a> </li> <li id="toc-Overview" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Overview"> <div class="vector-toc-text"> 1 Overview </div> </a> <ul id="toc-Overview-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Protocol" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Protocol"> <div class="vector-toc-text"> 2 Protocol </div> </a> <button aria-controls="toc-Protocol-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> Toggle Protocol subsection </button> <ul id="toc-Protocol-sublist" class="vector-toc-list"> <li id="toc-Example_code_in_Python" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Example_code_in_Python"> <div class="vector-toc-text"> 2.1 Example code in Python </div> </a> <ul id="toc-Example_code_in_Python-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Implementation_pitfalls" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Implementation_pitfalls"> <div class="vector-toc-text"> 3 Implementation pitfalls </div> </a> <button aria-controls="toc-Implementation_pitfalls-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> Toggle Implementation pitfalls subsection </button> <ul id="toc-Implementation_pitfalls-sublist" class="vector-toc-list"> <li id="toc-Offline_bruteforce_attack_with_server-first_messaging_in_the_absence_of_key_verification" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Offline_bruteforce_attack_with_server-first_messaging_in_the_absence_of_key_verification"> <div class="vector-toc-text"> 3.1 Offline bruteforce attack with server-first messaging in the absence of key verification </div> </a> <ul id="toc-Offline_bruteforce_attack_with_server-first_messaging_in_the_absence_of_key_verification-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Offline_bruteforce_based_on_timing_attack" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Offline_bruteforce_based_on_timing_attack"> <div class="vector-toc-text"> 3.2 Offline bruteforce based on timing attack </div> </a> <ul id="toc-Offline_bruteforce_based_on_timing_attack-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Implementations" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Implementations"> <div class="vector-toc-text"> 4 Implementations </div> </a> <ul id="toc-Implementations-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-History" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#History"> <div class="vector-toc-text"> 5 History </div> </a> <ul id="toc-History-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-See_also" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#See_also"> <div class="vector-toc-text"> 6 See also </div> </a> <ul id="toc-See_also-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-References" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#References"> <div class="vector-toc-text"> 7 References </div> </a> <ul id="toc-References-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-External_links" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#External_links"> <div class="vector-toc-text"> 8 External links </div> </a> <button aria-controls="toc-External_links-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> Toggle External links subsection </button> <ul id="toc-External_links-sublist" class="vector-toc-list"> <li id="toc-Manual_pages" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Manual_pages"> <div class="vector-toc-text"> 8.1 Manual pages </div> </a> <ul id="toc-Manual_pages-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-RFCs" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#RFCs"> <div class="vector-toc-text"> 8.2 RFCs </div> </a> <ul id="toc-RFCs-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Other_links" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Other_links"> <div class="vector-toc-text"> 8.3 Other links </div> </a> <ul id="toc-Other_links-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> </ul> </div> </div> </nav> </div> </div> <div class="mw-content-container"> <main id="content" class="mw-body"> <header class="mw-body-header vector-page-titlebar"> <nav aria-label="Contents" class="vector-toc-landmark"> <div id="vector-page-titlebar-toc" class="vector-dropdown vector-page-titlebar-toc vector-button-flush-left" > <input type="checkbox" id="vector-page-titlebar-toc-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-titlebar-toc" class="vector-dropdown-checkbox " aria-label="Toggle the table of contents" > <label id="vector-page-titlebar-toc-label" for="vector-page-titlebar-toc-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" > Toggle the table of contents </label> <div class="vector-dropdown-content"> <div id="vector-page-titlebar-toc-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <h1 id="firstHeading" class="firstHeading mw-first-heading">Secure Remote Password protocol</h1> <div id="p-lang-btn" class="vector-dropdown mw-portlet mw-portlet-lang" > <input type="checkbox" id="p-lang-btn-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-p-lang-btn" class="vector-dropdown-checkbox mw-interlanguage-selector" aria-label="Go to an article in another language. Available in 4 languages" > <label id="p-lang-btn-label" for="p-lang-btn-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--action-progressive mw-portlet-lang-heading-4" aria-hidden="true" > 4 languages </label> <div class="vector-dropdown-content"> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li class="interlanguage-link interwiki-es mw-list-item"><a href="https://es.wikipedia.org/wiki/Secure_Remote_Password" title="Secure Remote Password – Spanish" lang="es" hreflang="es" data-title="Secure Remote Password" data-language-autonym="Español" data-language-local-name="Spanish" class="interlanguage-link-target">Español</a></li><li class="interlanguage-link interwiki-fr mw-list-item"><a href="https://fr.wikipedia.org/wiki/Secure_Remote_Password" title="Secure Remote Password – French" lang="fr" hreflang="fr" data-title="Secure Remote Password" data-language-autonym="Français" data-language-local-name="French" class="interlanguage-link-target">Français</a></li><li class="interlanguage-link interwiki-pl mw-list-item"><a href="https://pl.wikipedia.org/wiki/Secure_Remote_Password" title="Secure Remote Password – Polish" lang="pl" hreflang="pl" data-title="Secure Remote Password" data-language-autonym="Polski" data-language-local-name="Polish" class="interlanguage-link-target">Polski</a></li><li class="interlanguage-link interwiki-ru mw-list-item"><a href="https://ru.wikipedia.org/wiki/SRP" title="SRP – Russian" lang="ru" hreflang="ru" data-title="SRP" data-language-autonym="Русский" data-language-local-name="Russian" class="interlanguage-link-target">Русский</a></li> </ul> <div class="after-portlet after-portlet-lang"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q576988#sitelinks-wikipedia" title="Edit interlanguage links" class="wbc-editpage">Edit links</a></div> </div> </div> </div> </header> <div class="vector-page-toolbar"> <div class="vector-page-toolbar-container"> <div id="left-navigation"> <nav aria-label="Namespaces"> <div id="p-associated-pages" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-associated-pages" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-nstab-main" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Secure_Remote_Password_protocol" title="View the content page [c]" accesskey="c">Article</a></li><li id="ca-talk" class="vector-tab-noicon mw-list-item"><a href="/wiki/Talk:Secure_Remote_Password_protocol" rel="discussion" title="Discuss improvements to the content page [t]" accesskey="t">Talk</a></li> </ul> </div> </div> <div id="vector-variants-dropdown" class="vector-dropdown emptyPortlet" > <input type="checkbox" id="vector-variants-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-variants-dropdown" class="vector-dropdown-checkbox " aria-label="Change language variant" > <label id="vector-variants-dropdown-label" for="vector-variants-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" >English </label> <div class="vector-dropdown-content"> <div id="p-variants" class="vector-menu mw-portlet mw-portlet-variants emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> </div> </div> </nav> </div> <div id="right-navigation" class="vector-collapsible"> <nav aria-label="Views"> <div id="p-views" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-views" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-view" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Secure_Remote_Password_protocol">Read</a></li><li id="ca-edit" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Secure_Remote_Password_protocol&action=edit" title="Edit this page [e]" accesskey="e">Edit</a></li><li id="ca-history" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Secure_Remote_Password_protocol&action=history" title="Past revisions of this page [h]" accesskey="h">View history</a></li> </ul> </div> </div> </nav> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-dropdown" class="vector-dropdown vector-page-tools-dropdown" > <input type="checkbox" id="vector-page-tools-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-tools-dropdown" class="vector-dropdown-checkbox " aria-label="Tools" > <label id="vector-page-tools-dropdown-label" for="vector-page-tools-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" >Tools </label> <div class="vector-dropdown-content"> <div id="vector-page-tools-unpinned-container" class="vector-unpinned-container"> <div id="vector-page-tools" class="vector-page-tools vector-pinnable-element"> <div class="vector-pinnable-header vector-page-tools-pinnable-header vector-pinnable-header-unpinned" data-feature-name="page-tools-pinned" data-pinnable-element-id="vector-page-tools" data-pinned-container-id="vector-page-tools-pinned-container" data-unpinned-container-id="vector-page-tools-unpinned-container" > <div class="vector-pinnable-header-label">Tools</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-page-tools.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-page-tools.unpin">hide</button> </div> <div id="p-cactions" class="vector-menu mw-portlet mw-portlet-cactions emptyPortlet vector-has-collapsible-items" title="More options" > <div class="vector-menu-heading"> Actions </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-more-view" class="selected vector-more-collapsible-item mw-list-item"><a href="/wiki/Secure_Remote_Password_protocol">Read</a></li><li id="ca-more-edit" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Secure_Remote_Password_protocol&action=edit" title="Edit this page [e]" accesskey="e">Edit</a></li><li id="ca-more-history" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Secure_Remote_Password_protocol&action=history">View history</a></li> </ul> </div> </div> <div id="p-tb" class="vector-menu mw-portlet mw-portlet-tb" > <div class="vector-menu-heading"> General </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-whatlinkshere" class="mw-list-item"><a href="/wiki/Special:WhatLinksHere/Secure_Remote_Password_protocol" title="List of all English Wikipedia pages containing links to this page [j]" accesskey="j">What links here</a></li><li id="t-recentchangeslinked" class="mw-list-item"><a href="/wiki/Special:RecentChangesLinked/Secure_Remote_Password_protocol" rel="nofollow" title="Recent changes in pages linked from this page [k]" accesskey="k">Related changes</a></li><li id="t-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_Upload_Wizard" title="Upload files [u]" accesskey="u">Upload file</a></li><li id="t-specialpages" class="mw-list-item"><a href="/wiki/Special:SpecialPages" title="A list of all special pages [q]" accesskey="q">Special pages</a></li><li id="t-permalink" class="mw-list-item"><a href="/w/index.php?title=Secure_Remote_Password_protocol&oldid=1253658640" title="Permanent link to this revision of this page">Permanent link</a></li><li id="t-info" class="mw-list-item"><a href="/w/index.php?title=Secure_Remote_Password_protocol&action=info" title="More information about this page">Page information</a></li><li id="t-cite" class="mw-list-item"><a href="/w/index.php?title=Special:CiteThisPage&page=Secure_Remote_Password_protocol&id=1253658640&wpFormIdentifier=titleform" title="Information on how to cite this page">Cite this page</a></li><li id="t-urlshortener" class="mw-list-item"><a href="/w/index.php?title=Special:UrlShortener&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FSecure_Remote_Password_protocol">Get shortened URL</a></li><li id="t-urlshortener-qrcode" class="mw-list-item"><a href="/w/index.php?title=Special:QrCode&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FSecure_Remote_Password_protocol">Download QR code</a></li> </ul> </div> </div> <div id="p-coll-print_export" class="vector-menu mw-portlet mw-portlet-coll-print_export" > <div class="vector-menu-heading"> Print/export </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="coll-download-as-rl" class="mw-list-item"><a href="/w/index.php?title=Special:DownloadAsPdf&page=Secure_Remote_Password_protocol&action=show-download-screen" title="Download this page as a PDF file">Download as PDF</a></li><li id="t-print" class="mw-list-item"><a href="/w/index.php?title=Secure_Remote_Password_protocol&printable=yes" title="Printable version of this page [p]" accesskey="p">Printable version</a></li> </ul> </div> </div> <div id="p-wikibase-otherprojects" class="vector-menu mw-portlet mw-portlet-wikibase-otherprojects" > <div class="vector-menu-heading"> In other projects </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-wikibase" class="wb-otherproject-link wb-otherproject-wikibase-dataitem mw-list-item"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q576988" title="Structured data on this page hosted by Wikidata [g]" accesskey="g">Wikidata item</a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> </div> </div> </div> <div class="vector-column-end"> <div class="vector-sticky-pinned-container"> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-pinned-container" class="vector-pinned-container"> </div> </nav> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-pinned-container" class="vector-pinned-container"> <div id="vector-appearance" class="vector-appearance vector-pinnable-element"> <div class="vector-pinnable-header vector-appearance-pinnable-header vector-pinnable-header-pinned" data-feature-name="appearance-pinned" data-pinnable-element-id="vector-appearance" data-pinned-container-id="vector-appearance-pinned-container" data-unpinned-container-id="vector-appearance-unpinned-container" > <div class="vector-pinnable-header-label">Appearance</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-appearance.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-appearance.unpin">hide</button> </div> </div> </div> </nav> </div> </div> <div id="bodyContent" class="vector-body" aria-labelledby="firstHeading" data-mw-ve-target-container> <div class="vector-body-before-content"> <div class="mw-indicators"> </div> <div id="siteSub" class="noprint">From Wikipedia, the free encyclopedia</div> </div> <div id="contentSub"><div id="mw-content-subtitle"></div></div> <div id="mw-content-text" class="mw-body-content"><div class="mw-content-ltr mw-parser-output" lang="en" dir="ltr"><div class="shortdescription nomobile noexcerpt noprint searchaux" style="display:none">Augmented password-authenticated key exchange protocol</div> The Secure Remote Password protocol (SRP) is an augmented <a href="/wiki/Password-authenticated_key_agreement" title="Password-authenticated key agreement">password-authenticated key exchange</a> (PAKE) protocol, specifically designed to work around existing patents.<a href="#cite_note-1">[1]</a> Like all PAKE protocols, an eavesdropper or <a href="/wiki/Man-in-the-middle_attack" title="Man-in-the-middle attack">man in the middle</a> cannot obtain enough information to be able to <a href="/wiki/Brute-force_attack" title="Brute-force attack">brute-force guess</a> a password or apply a <a href="/wiki/Dictionary_attack" title="Dictionary attack">dictionary attack</a> without further interactions with the parties for each guess. Furthermore, being an augmented PAKE protocol, the server does not store password-equivalent data.<a href="#cite_note-2">[2]</a> This means that an attacker who steals the server data cannot masquerade as the client unless they first perform a brute force search for the password. In layman's terms, during SRP (or any other PAKE protocol) authentication, one party (the "client" or "user") demonstrates to another party (the "server") that they know the password, without sending the password itself nor any other information from which the password can be derived. The password never leaves the client and is unknown to the server. Furthermore, the server also needs to know about the password (but not the password itself) in order to instigate the secure connection. This means that the server also authenticates itself to the client which prevents <a href="/wiki/Phishing" title="Phishing">phishing</a> without reliance on the user parsing complex URLs. The only mathematically proven security property of SRP is that it is equivalent to Diffie-Hellman against a passive attacker.<a href="#cite_note-3">[3]</a> Newer PAKEs such as AuCPace<a href="#cite_note-4">[4]</a> and OPAQUE offer stronger guarantees.<a href="#cite_note-5">[5]</a> <meta property="mw:PageProp/toc" /> <div class="mw-heading mw-heading2"><h2 id="Overview">Overview</h2>[<a href="/w/index.php?title=Secure_Remote_Password_protocol&action=edit&section=1" title="Edit section: Overview">edit</a>]</div> The SRP protocol has a number of desirable properties: it allows a user to authenticate themselves to a server, it is resistant to <a href="/wiki/Dictionary_attack" title="Dictionary attack">dictionary attacks</a> mounted by an eavesdropper, and it does not require a <a href="/wiki/Trusted_third_party" title="Trusted third party">trusted third party</a>. It effectively conveys a <a href="/wiki/Zero-knowledge_password_proof" title="Zero-knowledge password proof">zero-knowledge password proof</a> from the user to the server. In revision 6 of the protocol only one password can be guessed per connection attempt. One of the interesting properties of the protocol is that even if one or two of the cryptographic primitives it uses are attacked, it is still secure. The SRP protocol has been revised several times, and is currently at revision 6a. The SRP protocol creates a large private key shared between the two parties in a manner similar to <a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">Diffie–Hellman key exchange</a> based on the client side having the user password and the server side having a <a href="/wiki/Cryptography" title="Cryptography">cryptographic</a> verifier derived from the password. The shared public key is derived from two random numbers, one generated by the client, and the other generated by the server, which are unique to the login attempt. In cases where encrypted communications as well as authentication are required, the SRP protocol is more secure than the alternative <a href="/wiki/Secure_Shell" title="Secure Shell">SSH</a> protocol and faster than using <a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">Diffie–Hellman key exchange</a> with signed messages. It is also independent of third parties, unlike <a href="/wiki/Kerberos_(protocol)" title="Kerberos (protocol)">Kerberos</a>. The SRP protocol, version 3 is described in RFC 2945. SRP version 6a is also used for strong password authentication in <a href="/wiki/Transport_Layer_Security" title="Transport Layer Security">SSL/TLS</a><a href="#cite_note-6">[6]</a> (in <a href="/wiki/TLS-SRP" title="TLS-SRP">TLS-SRP</a>) and other standards such as <a href="/wiki/Extensible_Authentication_Protocol" title="Extensible Authentication Protocol">EAP</a><a href="#cite_note-7">[7]</a> and <a href="/wiki/Security_Assertion_Markup_Language" title="Security Assertion Markup Language">SAML</a>, and is part of <a href="/wiki/IEEE_P1363" title="IEEE P1363">IEEE 1363.2</a> and ISO/IEC 11770-4. <div class="mw-heading mw-heading2"><h2 id="Protocol">Protocol</h2>[<a href="/w/index.php?title=Secure_Remote_Password_protocol&action=edit&section=2" title="Edit section: Protocol">edit</a>]</div> The following notation is used in this description of the protocol, version 6: <ul><li>q and N = 2q + 1 are chosen such that both are prime (which makes q a <a href="/wiki/Sophie_Germain_prime" class="mw-redirect" title="Sophie Germain prime">Sophie Germain prime</a> and N a <a href="/wiki/Safe_prime" class="mw-redirect" title="Safe prime">safe prime</a>). N must be large enough so that computing discrete logarithms modulo N is infeasible.</li> <li>All arithmetic is performed in the <a href="/wiki/Ring_of_integers" title="Ring of integers">ring of integers</a> modulo N, <math xmlns="http://www.w3.org/1998/Math/MathML" alttext="{\displaystyle \scriptstyle \mathbb {Z} _{N}}"> <semantics> <mrow class="MJX-TeXAtom-ORD"> <mstyle displaystyle="true" scriptlevel="0"> <mstyle displaystyle="false" scriptlevel="1"> <msub> <mrow class="MJX-TeXAtom-ORD"> <mi mathvariant="double-struck">Z</mi> </mrow> <mrow class="MJX-TeXAtom-ORD"> <mi>N</mi> </mrow> </msub> </mstyle> </mstyle> </mrow> <annotation encoding="application/x-tex">{\displaystyle \scriptstyle \mathbb {Z} _{N}}</annotation> </semantics> </math><img src="https://wikimedia.org/api/rest_v1/media/math/render/svg/bf35ef0285944e01c09509aaec613d08ea0230c7" class="mwe-math-fallback-image-inline mw-invert skin-invert" aria-hidden="true" style="vertical-align: -0.671ex; width:2.445ex; height:2.009ex;" alt="{\displaystyle \scriptstyle \mathbb {Z} _{N}}">. This means that below g<var style="padding-right: 1px;">x</var> should be read as g<var style="padding-right: 1px;">x</var>mod N</li> <li>g is a <a href="/wiki/Multiplicative_group_of_integers_modulo_n" title="Multiplicative group of integers modulo n">generator of the multiplicative group <math xmlns="http://www.w3.org/1998/Math/MathML" alttext="{\displaystyle \scriptstyle \mathbb {Z} _{N}^{*}}"> <semantics> <mrow class="MJX-TeXAtom-ORD"> <mstyle displaystyle="true" scriptlevel="0"> <mstyle displaystyle="false" scriptlevel="1"> <msubsup> <mrow class="MJX-TeXAtom-ORD"> <mi mathvariant="double-struck">Z</mi> </mrow> <mrow class="MJX-TeXAtom-ORD"> <mi>N</mi> </mrow> <mrow class="MJX-TeXAtom-ORD"> <mo>∗</mo> </mrow> </msubsup> </mstyle> </mstyle> </mrow> <annotation encoding="application/x-tex">{\displaystyle \scriptstyle \mathbb {Z} _{N}^{*}}</annotation> </semantics> </math><img src="https://wikimedia.org/api/rest_v1/media/math/render/svg/0f4be728b59af693787c5860befd60b664208a35" class="mwe-math-fallback-image-inline mw-invert skin-invert" aria-hidden="true" style="vertical-align: -0.838ex; width:2.445ex; height:2.343ex;" alt="{\displaystyle \scriptstyle \mathbb {Z} _{N}^{*}}"></a>.</li> <li>H() is a <a href="/wiki/Cryptographic_hash_function" title="Cryptographic hash function">hash</a> function; e.g., SHA-256.</li> <li>k is a parameter derived by both sides; in SRP-6, k = 3, while in SRP-6a it is derived from N and g : k = H(N, g). It is used to prevent a 2-for-1 guess when an active attacker impersonates the server.<a href="#cite_note-srp6-8">[8]</a><a href="#cite_note-9">[9]</a></li> <li>s is a <a href="/wiki/Salt_(cryptography)" title="Salt (cryptography)">salt</a>.</li> <li>I is an identifying username.</li> <li>p is the user's password.</li> <li>v is the host's password verifier, v = g<var style="padding-right: 1px;">x</var> where at a minimum x = H(s, p). As x is only computed on the client it is free to choose a stronger algorithm. An implementation could choose to use x = H(s | I | p) without affecting any steps required of the host. The standard <a rel="nofollow" class="external text" href="https://tools.ietf.org/html/rfc2945">RFC2945</a> defines x = H(s | H ( I | ":" | p) ). Use of I within x avoids a malicious server from being able to learn if <a rel="nofollow" class="external text" href="https://crypto.stackexchange.com/a/9430">two users share the same password</a>.</li> <li>A and B are random one time ephemeral keys of the user and host respectively.</li> <li>| (pipe) denotes concatenation.</li></ul> All other variables are defined in terms of these. First, to establish a password p with server Steve, client Carol picks a random <a href="/wiki/Salt_(cryptography)" title="Salt (cryptography)">salt</a> s, and computes x = H(s, p), v = g<var style="padding-right: 1px;">x</var>. Steve stores v and s, indexed by I, as Carol's password verifier and salt. Carol must not share x with anybody, and must safely erase it at this step, because it is <a href="/wiki/Pass_the_hash" title="Pass the hash">equivalent</a> to the plaintext password p. This step is completed before the system is used as part of the user registration with Steve. Note that the salt s is shared and exchanged to negotiate a session key later so the value could be chosen by either side but is done by Carol so that she can register I, s and v in a single registration request. The transmission and authentication of the registration request is not covered in SRP. Then to perform a proof of password at a later date the following exchange protocol occurs: <ol><li>Carol → Steve: generate random value a; send I and A = g<var style="padding-right: 1px;">a</var></li> <li>Steve → Carol: generate random value b; send s and B = kv + g<var style="padding-right: 1px;">b</var></li> <li>Both: u = H(A, B)</li> <li>Carol: SCarol = (B − kg<var style="padding-right: 1px;">x</var>)(a + ux) = (kv + g<var style="padding-right: 1px;">b</var> − kg<var style="padding-right: 1px;">x</var>)(a + ux) = (kg<var style="padding-right: 1px;">x</var> − kg<var style="padding-right: 1px;">x</var> + g<var style="padding-right: 1px;">b</var>)(a + ux) = (g<var style="padding-right: 1px;">b</var>)(a + ux)</li> <li>Carol: KCarol = H(SCarol)</li> <li>Steve: SSteve = (Av<var style="padding-right: 1px;">u</var>)<var style="padding-right: 1px;">b</var> = (g<var style="padding-right: 1px;">a</var>v<var style="padding-right: 1px;">u</var>)<var style="padding-right: 1px;">b</var> = [g<var style="padding-right: 1px;">a</var>(g<var style="padding-right: 1px;">x</var>)<var style="padding-right: 1px;">u</var>]<var style="padding-right: 1px;">b</var> = (ga + ux)<var style="padding-right: 1px;">b</var> = (g<var style="padding-right: 1px;">b</var>)(a + ux)</li> <li>Steve: KSteve = H(SSteve) = KCarol</li></ol> Now the two parties have a shared, strong session key K. To complete authentication, they need to prove to each other that their keys match. One possible way is as follows: <ol><li>Carol → Steve: M1 = H[H(N) <a href="/wiki/XOR" class="mw-redirect" title="XOR">XOR</a> H(g) | H(I) | s | A | B | KCarol]. Steve verifies M1.</li> <li>Steve → Carol: M2 = H(A | M1 | KSteve). Carol verifies M2.</li></ol> This method requires guessing more of the shared state to be successful in impersonation than just the key. While most of the additional state is public, private information could safely be added to the inputs to the hash function, like the server private key.[<a href="/wiki/Wikipedia:Please_clarify" title="Wikipedia:Please clarify">clarification needed</a>] Alternatively, in a password-only proof the calculation of K can be skipped and the shared S proven with: <ol><li>Carol → Steve: M1 = H(A | B | SCarol). Steve verifies M1.</li> <li>Steve → Carol: M2 = H(A | M1 | SSteve). Carol verifies M2.</li></ol> When using SRP to negotiate a shared key K which will be immediately used after the negotiation, it is tempting to skip the verification steps of M1 and M2. The server will reject the very first request from the client which it cannot decrypt. This can however be dangerous as demonstrated in the Implementation Pitfalls section below. The two parties also employ the following safeguards: <ol><li>Carol will abort if she receives B = 0 (mod N) or u = 0.</li> <li>Steve will abort if he receives A (mod N) = 0.</li> <li>Carol must show her proof of K (or S) first. If Steve detects that Carol's proof is incorrect, he must abort without showing his own proof of K (or S)</li></ol> <div class="mw-heading mw-heading3"><h3 id="Example_code_in_Python">Example code in Python</h3>[<a href="/w/index.php?title=Secure_Remote_Password_protocol&action=edit&section=3" title="Edit section: Example code in Python">edit</a>]</div> <div class="mw-highlight mw-highlight-lang-python mw-content-ltr" dir="ltr"><pre>""" An example SRP authentication WARNING: Do not use for real cryptographic purposes beyond testing. WARNING: This below code misses important safeguards. It does not check A, B, and U are not zero. based on http://srp.stanford.edu/design.html """ import hashlib import random # Note: str converts as is, str([1,2,3,4]) will convert to "[1,2,3,4]" def H(*args) -> int: """A one-way hash function.""" a = ":".join(str(a) for a in args) return int(hashlib.sha256(a.encode("utf-8")).hexdigest(), 16) def cryptrand(n: int = 1024): return random.SystemRandom().getrandbits(n) % N # A large safe prime (N = 2q+1, where q is prime) # All arithmetic is done modulo N # (generated using "openssl dhparam -text 1024") N = """00:c0:37:c3:75:88:b4:32:98:87:e6:1c:2d:a3:32: 4b:1b:a4:b8:1a:63:f9:74:8f:ed:2d:8a:41:0c:2f: c2:1b:12:32:f0:d3:bf:a0:24:27:6c:fd:88:44:81: 97:aa:e4:86:a6:3b:fc:a7:b8:bf:77:54:df:b3:27: c7:20:1f:6f:d1:7f:d7:fd:74:15:8b:d3:1c:e7:72: c9:f5:f8:ab:58:45:48:a9:9a:75:9b:5a:2c:05:32: 16:2b:7b:62:18:e8:f1:42:bc:e2:c3:0d:77:84:68: 9a:48:3e:09:5e:70:16:18:43:79:13:a8:c3:9c:3d: d0:d4:ca:3c:50:0b:88:5f:e3""" N = int("".join(N.split()).replace(":", ""), 16) g = 2 # A generator modulo N k = H(N, g) # Multiplier parameter (k=3 in legacy SRP-6) F = '#0x' # Format specifier print("#. H, N, g, and k are known beforehand to both client and server:") print(f'{H = }\n{N = :{F}}\n{g = :{F}}\n{k = :{F}}') print("\n0. server stores (I, s, v) in its password database") # The server must first generate the password verifier I = "person" # Username p = "password1234" # Password s = cryptrand(64) # Salt for the user x = H(s, I, p) # Private key v = pow(g, x, N) # Password verifier print(f'{I = }\n{p = }\n{s = :{F}}\n{x = :{F}}\n{v = :{F}}') # 0. server stores(I, s, v) in its password database # I = 'person' # p = 'password1234' # s = 0x67bc8932cfd26a49 # x = 0x98a4bce8dde877762a90222f1a1161eba9248590a47eb83aa9e5bd7ecda5368d # v = 0xa7e2038e675d577ac0f318999cab67bba7ec2daf45d2d09f7911b1b78d2fc7f963cd0ac8f17851e0516f059e453672c3b70fcecf5f6843180b271abdd01f552ccda7b24fe4719336409cbc1352f8517be651b8935cc0b74ff2819fa07a3f031537d4cfd9f8df7b788a5f2f88e1cd4106b35c38b3d7205a # <demo> --- stop --- print("\n1. client sends username I and public ephemeral value A to the server") a = cryptrand() A = pow(g, a, N) print(f"{I = }\n{A = :{F}}") # client->server (I, A) # 1. client sends username I and public ephemeral value A to the server # I = 'person' # A = 0x678556a7e76581e051af656e8cee57ae46df43f1fce790f7750a3ec5308a85da4ec4051e5cb74d3e463685ee975a2747cf49035be67c931b56e793f23ea3524af8909dcfbc8675d872361025bf884778587ac49454a57c53a011ac2be2839bfb51bf7847a49a483aba870dc7a8b467a81cec91b8ae7813 # <demo> --- stop --- print("\n2. server sends user's salt s and public ephemeral value B to client") b = cryptrand() B = (k * v + pow(g, b, N)) % N print(f"{s = :{F}}\n{B = :{F}}") # server->client (s, B) # 2. server sends user's salt s and public ephemeral value B to client # s = 0x67bc8932cfd26a49 # B = 0xb615a0a5ea6abf138077bbd869f6a8da37dfc0b7e06a9f5fac5c1e4109c6302cb3e94dcc2cc76da7b3d87d7e9b68a1db998ab239cfde609f3f7a1ece4a491ce3d9a665c20cf4e4f06730daaa8f52ed61e45bbb67cdc337bf648027ffa7f0f215d5ebe43f9f51832518f1142266aae0dfa960e0082b5154 # <demo> --- stop --- print("\n3. client and server calculate the random scrambling parameter") u = H(A, B) # Random scrambling parameter print(f"{u = :{F}}") # 3. client and server calculate the random scrambling parameter # u = 0x796b07e354c04f672af8b76a46560655086355a9bbce11361f01b45d991c0c52 # <demo> --- stop --- print("\n4. client computes session key") x = H(s, I, p) S_c = pow(B - k * pow(g, x, N), a + u * x, N) K_c = H(S_c) print(f"{S_c = :{F}}\n{K_c = :{F}}") # 4. client computes session key # S_c = 0x699170aff6e9f08ed09a1dff432bf0605b8bcba05aadcaeea665757d06dbda4348e211d16c10ef4678585bcb2809a83c62b6c19d97901274ddafd4075f90604c06baf036af587af8540342b47867eaa22b9ca5e35ac14c8e85a0c4e623bd855828dffd513cea4d829c407137a0dd81ab4cde8a904c45cc # K_c = 0x43f8df6e1d2ba762948c8316db5bf03a7af49391742f5f51029630711c1671e # <demo> --- stop --- print("\n5. server computes session key") S_s = pow(A * pow(v, u, N), b, N) K_s = H(S_s) print(f"{S_s = :{F}}\n{K_s = :{F}}") # 5. server computes session key # S_s = 0x699170aff6e9f08ed09a1dff432bf0605b8bcba05aadcaeea665757d06dbda4348e211d16c10ef4678585bcb2809a83c62b6c19d97901274ddafd4075f90604c06baf036af587af8540342b47867eaa22b9ca5e35ac14c8e85a0c4e623bd855828dffd513cea4d829c407137a0dd81ab4cde8a904c45cc # K_s = 0x43f8df6e1d2ba762948c8316db5bf03a7af49391742f5f51029630711c1671e # <demo> --- stop --- print("\n6. client sends proof of session key to server") M_c = H(H(N) ^ H(g), H(I), s, A, B, K_c) print(f"{M_c = :{F}}") # client->server (M_c) ; server verifies M_c # 6. client sends proof of session key to server # M_c = 0x75500df4ea36e06406ac1f8a8241429b8e90a8cba3adda3405c07f19ea3101e8 # <demo> --- stop --- print("\n7. server sends proof of session key to client") M_s = H(A, M_c, K_s) print(f"{M_s = :{F}}") # server->client (M_s) ; client verifies M_s # 7. server sends proof of session key to client # M_s = 0x182ed24d1ad2fb55d2268c46b42435d1ef02e0fc49f647c03dab8b2a48b0bd3d </pre></div> <div class="mw-heading mw-heading2"><h2 id="Implementation_pitfalls">Implementation pitfalls</h2>[<a href="/w/index.php?title=Secure_Remote_Password_protocol&action=edit&section=4" title="Edit section: Implementation pitfalls">edit</a>]</div> <div class="mw-heading mw-heading3"><h3 id="Offline_bruteforce_attack_with_server-first_messaging_in_the_absence_of_key_verification">Offline bruteforce attack with server-first messaging in the absence of key verification</h3>[<a href="/w/index.php?title=Secure_Remote_Password_protocol&action=edit&section=5" title="Edit section: Offline bruteforce attack with server-first messaging in the absence of key verification">edit</a>]</div> If the server sends an encrypted message without waiting for verification from the client then an attacker is able to mount an offline bruteforce attack similar to hash cracking. This can happen if the server sends an encrypted message in the second packet alongside the salt and B or if key verification is skipped and the server (rather than the client) sends the first encrypted message. This is tempting as after the very first packet, the server has every information to compute the shared key K. The attack goes as follow: <ol><li>Carol → Steve: generate random value a; send I and A = g<var style="padding-right: 1px;">a</var></li> <li>Steve: u = H(A, B); S=Av<var style="padding-right: 1px;">u</var>; K=H(S)</li> <li>Steve: generate message m and encrypts it to produce c=ENC(K,m)</li> <li>Steve → Carol: generate random value b; send s, B = kv + g<var style="padding-right: 1px;">b</var> and c</li></ol> Carol doesn't know x or v. But given any password p she can compute: <ul><li>xp = H(salt, p)</li> <li>Sp = (B - kgxp)(a + uxp)</li> <li>Kp = H(Sp)</li></ul> Kp is the key that Steve would use if p was the expected password. All values required to compute Kp are either controlled by Carol or known from the first packet from Steve. Carol can now try to guess the password, generate the corresponding key, and attempt to decrypt Steve's encrypted message c to verify the key. As protocol messages tend to be structured, it is assumed that identifying that c was properly decrypted is easy. This allows offline recovery of the password. This attack would not be possible had Steve waited for Carol to prove she was able to compute the correct key before sending an encrypted message. Proper implementations of SRP are not affected by this attack as the attacker would be unable to pass the key verification step. <div class="mw-heading mw-heading3"><h3 id="Offline_bruteforce_based_on_timing_attack">Offline bruteforce based on timing attack</h3>[<a href="/w/index.php?title=Secure_Remote_Password_protocol&action=edit&section=6" title="Edit section: Offline bruteforce based on timing attack">edit</a>]</div> In 2021 Daniel De Almeida Braga, Pierre-Alain Fouque and Mohamed Sabt published PARASITE,<a href="#cite_note-10">[10]</a> a paper in which they demonstrate practical exploitation of a timing attack over the network. This exploits non-constant implementations of modular exponentiation of big numbers and impacted OpenSSL in particular. <div class="mw-heading mw-heading2"><h2 id="Implementations">Implementations</h2>[<a href="/w/index.php?title=Secure_Remote_Password_protocol&action=edit&section=7" title="Edit section: Implementations">edit</a>]</div> <ul><li><a rel="nofollow" class="external text" href="https://github.com/Glusk/srp6-variables">SRP-6 Variables</a> A Java library of cryptographic primitives required to implement the SRP-6 protocol.</li> <li><a href="/wiki/OpenSSL" title="OpenSSL">OpenSSL</a> version 1.0.1 or later.</li> <li><a href="/wiki/Botan_(programming_library)" title="Botan (programming library)">Botan</a> (the C++ crypto library) contains an implementation of SRP-6a</li> <li><a href="/wiki/TLS-SRP" title="TLS-SRP">TLS-SRP</a> is a set of ciphersuites for <a href="/wiki/Transport_layer_security" class="mw-redirect" title="Transport layer security">transport layer security</a> that uses SRP.</li> <li><a rel="nofollow" class="external text" href="https://github.com/symeapp/srp-client">srp-client</a> SRP-6a implementation in <a href="/wiki/JavaScript" title="JavaScript">JavaScript</a> (compatible with RFC 5054), open source, <a href="/wiki/Mozilla_Public_License" title="Mozilla Public License">Mozilla Public License</a> (MPL) licensed.</li> <li>The <a rel="nofollow" class="external text" href="https://clipperz.is/open_source/javascript_crypto_library">JavaScript Crypto Library</a> includes a JavaScript implementation of the SRP protocol, open source, <a href="/wiki/Berkeley_Software_Distribution" title="Berkeley Software Distribution">BSD</a> licensed.</li> <li><a rel="nofollow" class="external text" href="https://www.gnu.org/software/gnu-crypto/">Gnu Crypto</a> provide a <a href="/wiki/Java_(programming_language)" title="Java (programming language)">Java</a> implementation licensed under the <a href="/wiki/GNU_General_Public_License" title="GNU General Public License">GNU General Public License</a> with the "library exception", which permits its use as a library in conjunction with non-Free software.</li> <li><a href="/wiki/Bouncy_Castle_(cryptography)" title="Bouncy Castle (cryptography)">The Legion of the Bouncy Castle</a> provides Java and <a href="/wiki/C_Sharp_(programming_language)" title="C Sharp (programming language)">C#</a> implementations under the <a href="/wiki/MIT_License" title="MIT License">MIT License</a>.</li> <li><a rel="nofollow" class="external text" href="http://connect2id.com/products/nimbus-srp">Nimbus SRP</a> is a Java library providing a verifier generator, client and server-side sessions. Includes interfaces for custom password key, client and server evidence message routines. No external dependencies. Released under the <a href="/wiki/Apache_License" title="Apache License">Apache 2.0 license</a>.</li> <li><a rel="nofollow" class="external text" href="https://code.google.com/p/srplibcpp/">srplibcpp</a> is a C++ implement base on <a href="/w/index.php?title=MIRACL_(software)&action=edit&redlink=1" class="new" title="MIRACL (software) (page does not exist)">MIRACL</a>.</li> <li><a rel="nofollow" class="external text" href="https://github.com/slechta/DragonSRP/">DragonSRP</a> is a C++ modular implementation currently works with <a href="/wiki/OpenSSL" title="OpenSSL">OpenSSL</a>.</li> <li><a href="/wiki/Json2Ldap" title="Json2Ldap">Json2Ldap</a> provides SRP-6a authentication to <a href="/wiki/Lightweight_Directory_Access_Protocol" title="Lightweight Directory Access Protocol">LDAP</a> directory servers.</li> <li><a rel="nofollow" class="external text" href="https://github.com/cocagne/csrp">csrp</a> SRP-6a implementation in C.</li> <li><a rel="nofollow" class="external text" href="https://search.cpan.org/~mik/Crypt-SRP/">Crypt-SRP</a> SRP-6a implementation in <a href="/wiki/Perl" title="Perl">Perl</a>.</li> <li><a rel="nofollow" class="external text" href="https://github.com/cocagne/pysrp">pysrp</a> SRP-6a implementation in <a href="/wiki/Python_(programming_language)" title="Python (programming language)">Python</a> (compatible with <a rel="nofollow" class="external text" href="https://code.google.com/p/csrp/">csrp</a>).</li> <li><a rel="nofollow" class="external text" href="https://bitbucket.org/pbleyer/py3srp">py3srp</a> SRP-6a implementation in pure <a href="/wiki/Python_(programming_language)" title="Python (programming language)">Python3</a>.</li> <li><a rel="nofollow" class="external text" href="https://pypi.org/project/srptools/">srptools</a> Tools to implement Secure Remote Password (SRP) authentication in <a href="/wiki/Python_(programming_language)" title="Python (programming language)">Python</a>. <a rel="nofollow" class="external text" href="https://github.com/secure-remote-password/implementations">Verified compatible libraries</a>.</li> <li><a rel="nofollow" class="external text" href="http://meteor.com/">Meteor</a> web framework's Accounts system implements SRP for password authentication.</li> <li><a rel="nofollow" class="external text" href="https://github.com/lamikae/srp-rb">srp-rb</a> SRP-6a implementation in <a href="/wiki/Ruby_(programming_language)" title="Ruby (programming language)">Ruby</a>.</li> <li><a rel="nofollow" class="external text" href="https://github.com/falkmueller/srp">falkmueller</a> <a rel="nofollow" class="external text" href="https://code.falk-m.de/srp/">demo SRP-6a</a> implementation of the <a href="/wiki/Stanford_University" title="Stanford University">Stanford</a> SRP Protocol Design in <a href="/wiki/JavaScript" title="JavaScript">JavaScript</a> and <a href="/wiki/PHP" title="PHP">PHP</a> under the <a href="/wiki/MIT_License" title="MIT License">MIT License</a>.</li> <li><a rel="nofollow" class="external text" href="https://github.com/RuslanZavacky/srp-6a-demo">srp-6a-demo</a> SRP-6a implementation in <a href="/wiki/PHP" title="PHP">PHP</a> and <a href="/wiki/JavaScript" title="JavaScript">JavaScript</a>.</li> <li><a rel="nofollow" class="external text" href="https://bitbucket.org/simon_massey/thinbus-srp-js">thinbus-srp-js</a> SRP-6a implementation in <a href="/wiki/JavaScript" title="JavaScript">JavaScript</a>. Comes with compatible <a href="/wiki/Java_(programming_language)" title="Java (programming language)">Java</a> classes which use <a rel="nofollow" class="external text" href="http://software.dzhuvinov.com/nimbus-srp.html">Nimbus SRP</a> a demonstration app using <a href="/wiki/Spring_Security" title="Spring Security">Spring Security</a>. There is also a demonstration application performing authentication to a <a href="/wiki/PHP" title="PHP">PHP</a> server. Released under the <a href="/wiki/Apache_License" title="Apache License">Apache License</a>.</li> <li><a rel="nofollow" class="external text" href="https://bitwiseshiftleft.github.io/sjcl/">Stanford JavaScript Crypto Library (SJCL)</a> implements SRP for key exchange.</li> <li><a rel="nofollow" class="external text" href="https://github.com/mozilla/node-srp">node-srp</a> is a JavaScript client and server (node.js) implementation of SRP.</li> <li><a rel="nofollow" class="external text" href="https://sourceforge.net/projects/srp6-for-csharp-and-java/">SRP6 for C# and Java</a> implementation in C# and Java.</li> <li><a rel="nofollow" class="external text" href="https://github.com/AddAloner/ALOSRPAuth">ALOSRPAuth</a> is an Objective-C implementation of SRP-6a.</li> <li><a rel="nofollow" class="external text" href="https://github.com/opencoff/go-srp">go-srp</a> is a Go implementation of SRP-6a.</li> <li><a rel="nofollow" class="external text" href="https://github.com/midonet/tssrp6a">tssrp6a</a> is a TypeScript implementation of SRP-6a.</li> <li><a rel="nofollow" class="external text" href="https://github.com/theicenet/theicenet-cryptography">TheIceNet Cryptography</a> Java library to develop cryptography-based Spring Boot applications. Implements SRP-6a. Under <a href="/wiki/Apache_License" title="Apache License">Apache License</a>.</li> <li><a rel="nofollow" class="external text" href="https://github.com/secure-remote-password/srp.net">SRP-6a</a> in .NET implementation of SRP-6a</li> <li><a rel="nofollow" class="external text" href="https://support.apple.com/guide/security/homekit-communication-security-sec3a881ccb1/web">Apple Homekit</a> <a href="/wiki/Apple_Homekit" class="mw-redirect" title="Apple Homekit">Apple Homekit</a> uses SRP when pairing with "smart" home accessories & devices</li> <li><a rel="nofollow" class="external text" href="https://proton.me/blog/encrypted-email-authentication">Proton Mail</a> Authentication for Email Encryption</li> <li><a rel="nofollow" class="external text" href="https://github.com/posterity/srp">SRP</a> is a Go implementation of SRP, used to authenticate users on <a rel="nofollow" class="external text" href="https://posterity.life">Posterity</a>.</li></ul> <div class="mw-heading mw-heading2"><h2 id="History">History</h2>[<a href="/w/index.php?title=Secure_Remote_Password_protocol&action=edit&section=8" title="Edit section: History">edit</a>]</div> The SRP project was started in 1997.<a href="#cite_note-11">[11]</a> Two different approaches to fixing a security hole in SRP-1 resulted in SRP-2 and SRP-3.<a href="#cite_note-12">[12]</a> SRP-3 was first published in 1998 in a conference.<a href="#cite_note-13">[13]</a> RFC 2945, which describes SRP-3 with SHA1, was published in 2000.<a href="#cite_note-14">[14]</a> SRP-6, which fixes "two-for-one" guessing and messaging ordering attacks, was published in 2002.<a href="#cite_note-srp6-8">[8]</a> SRP-6a appeared in the official "libsrp" in version 2.1.0, dated 2005.<a href="#cite_note-15">[15]</a> SRP-6a is found in standards as: <ul><li>ISO/IEC 11770-4:2006 "Key Agreement Mechanism 2" (calls the method "SRP-6, but has the k calculation of 6a)</li> <li>RFC 5054 TLS-SRP of 2007 (again referred to as "SRP-6", but corrected in erratum<a href="#cite_note-16">[16]</a>)</li> <li>IEEE Std 1363.2-2008 "DLAPKAS-SRP6" (again referred to as "SRP-6")<a href="#cite_note-17">[17]</a></li></ul> IEEE 1363.2 also includes a description of "SRP5", a variant replacing the discrete logarithm with an <a href="/wiki/Elliptic_curve" title="Elliptic curve">elliptic curve</a> contributed by Yongge Wang in 2001.<a href="#cite_note-18">[18]</a> It also describes SRP-3 as found in RFC 2945. <div class="mw-heading mw-heading2"><h2 id="See_also">See also</h2>[<a href="/w/index.php?title=Secure_Remote_Password_protocol&action=edit&section=9" title="Edit section: See also">edit</a>]</div> <ul><li><a href="/wiki/Challenge%E2%80%93response_authentication" title="Challenge–response authentication">Challenge–response authentication</a></li> <li><a href="/wiki/Password-authenticated_key_agreement" title="Password-authenticated key agreement">Password-authenticated key agreement</a></li> <li><a href="/wiki/Salted_Challenge_Response_Authentication_Mechanism" title="Salted Challenge Response Authentication Mechanism">Salted Challenge Response Authentication Mechanism</a> (SCRAM)</li> <li><a href="/wiki/SPEKE" title="SPEKE">Simple Password Exponential Key Exchange</a></li> <li><a href="/wiki/Zero-knowledge_password_proof" title="Zero-knowledge password proof">Zero-knowledge password proof</a></li></ul> <div class="mw-heading mw-heading2"><h2 id="References">References</h2>[<a href="/w/index.php?title=Secure_Remote_Password_protocol&action=edit&section=10" title="Edit section: References">edit</a>]</div> <div class="mw-references-wrap mw-references-columns"><ol class="references"> <li id="cite_note-1"><a href="#cite_ref-1">^</a> <style data-mw-deduplicate="TemplateStyles:r1238218222">.mw-parser-output cite.citation{font-style:inherit;word-wrap:break-word}.mw-parser-output .citation q{quotes:"\"""\"""'""'"}.mw-parser-output .citation:target{background-color:rgba(0,127,255,0.133)}.mw-parser-output .id-lock-free.id-lock-free a{background:url("//upload.wikimedia.org/wikipedia/commons/6/65/Lock-green.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-limited.id-lock-limited a,.mw-parser-output .id-lock-registration.id-lock-registration a{background:url("//upload.wikimedia.org/wikipedia/commons/d/d6/Lock-gray-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-subscription.id-lock-subscription a{background:url("//upload.wikimedia.org/wikipedia/commons/a/aa/Lock-red-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .cs1-ws-icon a{background:url("//upload.wikimedia.org/wikipedia/commons/4/4c/Wikisource-logo.svg")right 0.1em center/12px no-repeat}body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-free a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-limited a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-registration a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-subscription a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .cs1-ws-icon a{background-size:contain;padding:0 1em 0 0}.mw-parser-output .cs1-code{color:inherit;background:inherit;border:none;padding:inherit}.mw-parser-output .cs1-hidden-error{display:none;color:var(--color-error,#d33)}.mw-parser-output .cs1-visible-error{color:var(--color-error,#d33)}.mw-parser-output .cs1-maint{display:none;color:#085;margin-left:0.3em}.mw-parser-output .cs1-kern-left{padding-left:0.2em}.mw-parser-output .cs1-kern-right{padding-right:0.2em}.mw-parser-output .citation .mw-selflink{font-weight:inherit}@media screen{.mw-parser-output .cs1-format{font-size:95%}html.skin-theme-clientpref-night .mw-parser-output .cs1-maint{color:#18911f}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .cs1-maint{color:#18911f}}</style><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://srp.stanford.edu/whatisit.html">"What is SRP?"</a>. <a href="/wiki/Stanford_University" title="Stanford University">Stanford University</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=What+is+SRP%3F&rft.pub=Stanford+University&rft_id=http%3A%2F%2Fsrp.stanford.edu%2Fwhatisit.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecure+Remote+Password+protocol" class="Z3988"> </li> <li id="cite_note-2"><a href="#cite_ref-2">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFShermanLanusLiskovZieglar2020" class="citation cs2">Sherman, Alan T.; Lanus, Erin; Liskov, Moses; Zieglar, Edward; Chang, Richard; Golaszewski, Enis; Wnuk-Fink, Ryan; Bonyadi, Cyrus J.; Yaksetig, Mario (2020), Nigam, Vivek; Ban Kirigin, Tajana; Talcott, Carolyn; Guttman, Joshua (eds.), "Formal Methods Analysis of the Secure Remote Password Protocol", Logic, Language, and Security: Essays Dedicated to Andre Scedrov on the Occasion of His 65th Birthday, Lecture Notes in Computer Science, Cham: Springer International Publishing, pp. 103–126, <a href="/wiki/ArXiv_(identifier)" class="mw-redirect" title="ArXiv (identifier)">arXiv</a>:<a rel="nofollow" class="external text" href="https://arxiv.org/abs/2003.07421">2003.07421</a>, <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1007%2F978-3-030-62077-6_9">10.1007/978-3-030-62077-6_9</a>, <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-3-030-62077-6" title="Special:BookSources/978-3-030-62077-6"><bdi>978-3-030-62077-6</bdi></a></cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Logic%2C+Language%2C+and+Security%3A+Essays+Dedicated+to+Andre+Scedrov+on+the+Occasion+of+His+65th+Birthday&rft.atitle=Formal+Methods+Analysis+of+the+Secure+Remote+Password+Protocol&rft.pages=103-126&rft.date=2020&rft_id=info%3Aarxiv%2F2003.07421&rft_id=info%3Adoi%2F10.1007%2F978-3-030-62077-6_9&rft.isbn=978-3-030-62077-6&rft.aulast=Sherman&rft.aufirst=Alan+T.&rft.au=Lanus%2C+Erin&rft.au=Liskov%2C+Moses&rft.au=Zieglar%2C+Edward&rft.au=Chang%2C+Richard&rft.au=Golaszewski%2C+Enis&rft.au=Wnuk-Fink%2C+Ryan&rft.au=Bonyadi%2C+Cyrus+J.&rft.au=Yaksetig%2C+Mario&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecure+Remote+Password+protocol" class="Z3988"> </li> <li id="cite_note-3"><a href="#cite_ref-3">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGreen2018" class="citation web cs1">Green, Matthew (18 October 2018). <a rel="nofollow" class="external text" href="https://blog.cryptographyengineering.com/should-you-use-srp/">"Should you use SRP?"</a>. A Few Thoughts on Cryptographic Engineering.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=A+Few+Thoughts+on+Cryptographic+Engineering&rft.atitle=Should+you+use+SRP%3F&rft.date=2018-10-18&rft.aulast=Green&rft.aufirst=Matthew&rft_id=https%3A%2F%2Fblog.cryptographyengineering.com%2Fshould-you-use-srp%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecure+Remote+Password+protocol" class="Z3988"> NB: source refers to SRP-6 as SRPv4 for reason unknown. </li> <li id="cite_note-4"><a href="#cite_ref-4">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFHaase2023" class="citation web cs1">Haase, Björn (22 January 2023). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/draft-haase-aucpace-07">"(strong) AuCPace, an augmented PAKE [draft-haase-aucpace-07]"</a>. Internet Engineering Task Force. Retrieved 10 June 2023.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=%28strong%29+AuCPace%2C+an+augmented+PAKE+%5Bdraft-haase-aucpace-07%5D&rft.pub=Internet+Engineering+Task+Force&rft.date=2023-01-22&rft.aulast=Haase&rft.aufirst=Bj%C3%B6rn&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-haase-aucpace-07&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecure+Remote+Password+protocol" class="Z3988"> </li> <li id="cite_note-5"><a href="#cite_ref-5">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFStanislaw_JareckiHugo_KrawczykJiayu_Xu" class="citation conference cs1">Stanislaw Jarecki; Hugo Krawczyk; Jiayu Xu. <a rel="nofollow" class="external text" href="https://eprint.iacr.org/2018/163.pdf">OPAQUE: An Asymmetric PAKE Protoco lSecure Against Pre-Computation Attacks</a> (PDF). Eurocrypt 2018.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=conference&rft.btitle=OPAQUE%3A+An+Asymmetric+PAKE+Protoco+lSecure+Against+Pre-Computation+Attacks&rft.au=Stanislaw+Jarecki&rft.au=Hugo+Krawczyk&rft.au=Jiayu+Xu&rft_id=https%3A%2F%2Feprint.iacr.org%2F2018%2F163.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecure+Remote+Password+protocol" class="Z3988"> </li> <li id="cite_note-6"><a href="#cite_ref-6">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFTaylorTom_WuNikos_MavrogiannopoulosTrevor_Perrin2007" class="citation web cs1">Taylor, David; Tom Wu; Nikos Mavrogiannopoulos; Trevor Perrin (November 2007). <a rel="nofollow" class="external text" href="http://tools.ietf.org/html/rfc5054">"Using the Secure Remote Password (SRP) Protocol for TLS Authentication"</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Using+the+Secure+Remote+Password+%28SRP%29+Protocol+for+TLS+Authentication&rft.date=2007-11&rft.aulast=Taylor&rft.aufirst=David&rft.au=Tom+Wu&rft.au=Nikos+Mavrogiannopoulos&rft.au=Trevor+Perrin&rft_id=http%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc5054&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecure+Remote+Password+protocol" class="Z3988"> RFC 5054 </li> <li id="cite_note-7"><a href="#cite_ref-7">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCarlsonBernard_AbobaHenry_Haverinen2001" class="citation web cs1">Carlson, James; Bernard Aboba; Henry Haverinen (July 2001). <a rel="nofollow" class="external text" href="http://tools.ietf.org/html/draft-ietf-pppext-eap-srp-03">"EAP SRP-SHA1 Authentication Protocol"</a>. IETF.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=EAP+SRP-SHA1+Authentication+Protocol&rft.pub=IETF&rft.date=2001-07&rft.aulast=Carlson&rft.aufirst=James&rft.au=Bernard+Aboba&rft.au=Henry+Haverinen&rft_id=http%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-pppext-eap-srp-03&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecure+Remote+Password+protocol" class="Z3988"> Draft. </li> <li id="cite_note-srp6-8">^ <a href="#cite_ref-srp6_8-0">a</a> <a href="#cite_ref-srp6_8-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFWu2002" class="citation techreport cs1">Wu, Tom (October 29, 2002). <a rel="nofollow" class="external text" href="http://srp.stanford.edu/srp6.ps">SRP-6: Improvements and Refinements to the Secure Remote Password Protocol</a> (Technical report).</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=report&rft.btitle=SRP-6%3A+Improvements+and+Refinements+to+the+Secure+Remote+Password+Protocol&rft.date=2002-10-29&rft.aulast=Wu&rft.aufirst=Tom&rft_id=http%3A%2F%2Fsrp.stanford.edu%2Fsrp6.ps&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecure+Remote+Password+protocol" class="Z3988"> </li> <li id="cite_note-9"><a href="#cite_ref-9">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://srp.stanford.edu/design.html">"SRP Protocol Design"</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=SRP+Protocol+Design&rft_id=http%3A%2F%2Fsrp.stanford.edu%2Fdesign.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecure+Remote+Password+protocol" class="Z3988"> </li> <li id="cite_note-10"><a href="#cite_ref-10">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://dl.acm.org/doi/10.1145/3460120.3484563">"PARASITE: PAssword Recovery Attack against Srp Implementations in ThE wild"</a>. Retrieved 8 November 2023.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=PARASITE%3A+PAssword+Recovery+Attack+against+Srp+Implementations+in+ThE+wild&rft_id=https%3A%2F%2Fdl.acm.org%2Fdoi%2F10.1145%2F3460120.3484563&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecure+Remote+Password+protocol" class="Z3988"> </li> <li id="cite_note-11"><a href="#cite_ref-11">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://srp.stanford.edu/project.html">"SRP: About the Project"</a>. srp.stanford.edu.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=srp.stanford.edu&rft.atitle=SRP%3A+About+the+Project&rft_id=http%3A%2F%2Fsrp.stanford.edu%2Fproject.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecure+Remote+Password+protocol" class="Z3988"> </li> <li id="cite_note-12"><a href="#cite_ref-12">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://srp.stanford.edu/design2.html">"SRP-2: Design Specifications"</a>. srp.stanford.edu.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=srp.stanford.edu&rft.atitle=SRP-2%3A+Design+Specifications&rft_id=http%3A%2F%2Fsrp.stanford.edu%2Fdesign2.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecure+Remote+Password+protocol" class="Z3988"> </li> <li id="cite_note-13"><a href="#cite_ref-13">^</a> Wu, T., "<a rel="nofollow" class="external text" href="http://srp.stanford.edu/ndss.html">The Secure Remote Password Protocol</a>", Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium pp. 97-111, March 1998. </li> <li id="cite_note-14"><a href="#cite_ref-14">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://srp.stanford.edu/design3.html">"SRP: Design Specifications"</a>. srp.stanford.edu.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=srp.stanford.edu&rft.atitle=SRP%3A+Design+Specifications&rft_id=http%3A%2F%2Fsrp.stanford.edu%2Fdesign3.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecure+Remote+Password+protocol" class="Z3988"> </li> <li id="cite_note-15"><a href="#cite_ref-15">^</a> CHANGES file in srp-2.1.2.tar.gz, available from <a rel="nofollow" class="external free" href="http://srp.stanford.edu/download.html">http://srp.stanford.edu/download.html</a> </li> <li id="cite_note-16"><a href="#cite_ref-16">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFWang" class="citation web cs1">Wang, Mingye. <a rel="nofollow" class="external text" href="https://www.rfc-editor.org/errata/eid7538">"RFC Errata Report #7538"</a>. RFC Editor. Retrieved 15 October 2023.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=RFC+Editor&rft.atitle=RFC+Errata+Report+%237538&rft.aulast=Wang&rft.aufirst=Mingye&rft_id=https%3A%2F%2Fwww.rfc-editor.org%2Ferrata%2Feid7538&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASecure+Remote+Password+protocol" class="Z3988"> </li> <li id="cite_note-17"><a href="#cite_ref-17">^</a> IEEE 1363.2-2008: IEEE Standard Specification for Password-Based Public-Key Cryptographic Techniques </li> <li id="cite_note-18"><a href="#cite_ref-18">^</a> Wang, Y., "IEEE P1363.2 Submission / D2001-06-21," [P1363.2-ecsrp-06-21.doc] A contribution by Yongge Wang for P1363.2 giving an elliptic curve version of the SRP protocol, June 21, 2001. </li> </ol></div> <div class="mw-heading mw-heading2"><h2 id="External_links">External links</h2>[<a href="/w/index.php?title=Secure_Remote_Password_protocol&action=edit&section=11" title="Edit section: External links">edit</a>]</div> <ul><li><a rel="nofollow" class="external text" href="http://srp.stanford.edu">Official website</a></li> <li><a rel="nofollow" class="external text" href="http://srp.stanford.edu/license.txt">SRP License</a>—BSD like open source.</li> <li><a rel="nofollow" class="external text" href="https://patents.google.com/patent/US6539479">US6539479</a> - SRP Patent (Expired on May 12, 2015 due to failure to pay maintenance fees (according to Google Patents). Originally set to expire in July 2018).</li></ul> <div class="mw-heading mw-heading3"><h3 id="Manual_pages">Manual pages</h3>[<a href="/w/index.php?title=Secure_Remote_Password_protocol&action=edit&section=12" title="Edit section: Manual pages">edit</a>]</div> <ul><li><a rel="nofollow" class="external text" href="https://ppp.samba.org/pppd.html">pppd(8)</a>: Point-to-Point Protocol Daemon</li> <li><a rel="nofollow" class="external text" href="http://man7.org/linux/man-pages/man1/srptool.1.html">srptool(1)</a>: Simple SRP password tool</li></ul> <div class="mw-heading mw-heading3"><h3 id="RFCs">RFCs</h3>[<a href="/w/index.php?title=Secure_Remote_Password_protocol&action=edit&section=13" title="Edit section: RFCs">edit</a>]</div> <ul><li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2944">2944</a> - Telnet Authentication: SRP</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2945">2945</a> - The SRP Authentication and Key Exchange System (version 3)</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc3720">3720</a> - Internet Small Computer Systems Interface (iSCSI)</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc3723">3723</a> - Securing Block Storage Protocols over IP</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc3669">3669</a> - Guidelines for Working Groups on Intellectual Property Issues</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5054">5054</a> - Using the Secure Remote Password (SRP) Protocol for TLS Authentication</li></ul> <div class="mw-heading mw-heading3"><h3 id="Other_links">Other links</h3>[<a href="/w/index.php?title=Secure_Remote_Password_protocol&action=edit&section=14" title="Edit section: Other links">edit</a>]</div> <ul><li><a rel="nofollow" class="external text" href="https://archive.today/20081216020624/http://grouper.ieee.org/groups/1363/">IEEE 1363</a></li> <li><a rel="nofollow" class="external text" href="http://www.pdl.cmu.edu/mailinglists/ips/mail/msg08027.html">SRP Intellectual Property Slides (Dec 2001 - possible deprecated)</a> The EKE patents mentioned expired in 2011 and 2013.</li></ul> <div class="navbox-styles"><style data-mw-deduplicate="TemplateStyles:r1129693374">.mw-parser-output .hlist dl,.mw-parser-output .hlist ol,.mw-parser-output .hlist ul{margin:0;padding:0}.mw-parser-output .hlist dd,.mw-parser-output .hlist dt,.mw-parser-output .hlist li{margin:0;display:inline}.mw-parser-output .hlist.inline,.mw-parser-output .hlist.inline dl,.mw-parser-output .hlist.inline ol,.mw-parser-output .hlist.inline ul,.mw-parser-output .hlist dl dl,.mw-parser-output .hlist dl ol,.mw-parser-output .hlist dl ul,.mw-parser-output .hlist ol dl,.mw-parser-output .hlist ol ol,.mw-parser-output .hlist ol ul,.mw-parser-output .hlist ul dl,.mw-parser-output .hlist ul ol,.mw-parser-output .hlist ul ul{display:inline}.mw-parser-output .hlist .mw-empty-li{display:none}.mw-parser-output .hlist dt::after{content:": "}.mw-parser-output .hlist dd::after,.mw-parser-output .hlist li::after{content:" · ";font-weight:bold}.mw-parser-output .hlist dd:last-child::after,.mw-parser-output .hlist dt:last-child::after,.mw-parser-output .hlist li:last-child::after{content:none}.mw-parser-output .hlist dd dd:first-child::before,.mw-parser-output .hlist dd dt:first-child::before,.mw-parser-output .hlist dd li:first-child::before,.mw-parser-output .hlist dt dd:first-child::before,.mw-parser-output .hlist dt dt:first-child::before,.mw-parser-output .hlist dt li:first-child::before,.mw-parser-output .hlist li dd:first-child::before,.mw-parser-output .hlist li dt:first-child::before,.mw-parser-output .hlist li li:first-child::before{content:" (";font-weight:normal}.mw-parser-output .hlist dd dd:last-child::after,.mw-parser-output .hlist dd dt:last-child::after,.mw-parser-output .hlist dd li:last-child::after,.mw-parser-output .hlist dt dd:last-child::after,.mw-parser-output .hlist dt dt:last-child::after,.mw-parser-output .hlist dt li:last-child::after,.mw-parser-output .hlist li dd:last-child::after,.mw-parser-output .hlist li dt:last-child::after,.mw-parser-output .hlist li li:last-child::after{content:")";font-weight:normal}.mw-parser-output .hlist ol{counter-reset:listitem}.mw-parser-output .hlist ol>li{counter-increment:listitem}.mw-parser-output .hlist ol>li::before{content:" "counter(listitem)"\a0 "}.mw-parser-output .hlist dd ol>li:first-child::before,.mw-parser-output .hlist dt ol>li:first-child::before,.mw-parser-output .hlist li ol>li:first-child::before{content:" ("counter(listitem)"\a0 "}</style><style data-mw-deduplicate="TemplateStyles:r1236075235">.mw-parser-output .navbox{box-sizing:border-box;border:1px solid #a2a9b1;width:100%;clear:both;font-size:88%;text-align:center;padding:1px;margin:1em auto 0}.mw-parser-output .navbox .navbox{margin-top:0}.mw-parser-output .navbox+.navbox,.mw-parser-output .navbox+.navbox-styles+.navbox{margin-top:-1px}.mw-parser-output .navbox-inner,.mw-parser-output .navbox-subgroup{width:100%}.mw-parser-output .navbox-group,.mw-parser-output .navbox-title,.mw-parser-output .navbox-abovebelow{padding:0.25em 1em;line-height:1.5em;text-align:center}.mw-parser-output .navbox-group{white-space:nowrap;text-align:right}.mw-parser-output .navbox,.mw-parser-output .navbox-subgroup{background-color:#fdfdfd}.mw-parser-output .navbox-list{line-height:1.5em;border-color:#fdfdfd}.mw-parser-output .navbox-list-with-group{text-align:left;border-left-width:2px;border-left-style:solid}.mw-parser-output tr+tr>.navbox-abovebelow,.mw-parser-output tr+tr>.navbox-group,.mw-parser-output tr+tr>.navbox-image,.mw-parser-output tr+tr>.navbox-list{border-top:2px solid #fdfdfd}.mw-parser-output .navbox-title{background-color:#ccf}.mw-parser-output .navbox-abovebelow,.mw-parser-output .navbox-group,.mw-parser-output .navbox-subgroup .navbox-title{background-color:#ddf}.mw-parser-output .navbox-subgroup .navbox-group,.mw-parser-output .navbox-subgroup .navbox-abovebelow{background-color:#e6e6ff}.mw-parser-output .navbox-even{background-color:#f7f7f7}.mw-parser-output .navbox-odd{background-color:transparent}.mw-parser-output .navbox .hlist td dl,.mw-parser-output .navbox .hlist td ol,.mw-parser-output .navbox .hlist td ul,.mw-parser-output .navbox td.hlist dl,.mw-parser-output .navbox td.hlist ol,.mw-parser-output .navbox td.hlist ul{padding:0.125em 0}.mw-parser-output .navbox .navbar{display:block;font-size:100%}.mw-parser-output .navbox-title .navbar{float:left;text-align:left;margin-right:0.5em}body.skin--responsive .mw-parser-output .navbox-image img{max-width:none!important}@media print{body.ns-0 .mw-parser-output .navbox{display:none!important}}</style><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><style data-mw-deduplicate="TemplateStyles:r1239400231">.mw-parser-output .navbar{display:inline;font-size:88%;font-weight:normal}.mw-parser-output .navbar-collapse{float:left;text-align:left}.mw-parser-output .navbar-boxtext{word-spacing:0}.mw-parser-output .navbar ul{display:inline-block;white-space:nowrap;line-height:inherit}.mw-parser-output .navbar-brackets::before{margin-right:-0.125em;content:"[ "}.mw-parser-output .navbar-brackets::after{margin-left:-0.125em;content:" ]"}.mw-parser-output .navbar li{word-spacing:-0.125em}.mw-parser-output .navbar a>span,.mw-parser-output .navbar a>abbr{text-decoration:inherit}.mw-parser-output .navbar-mini abbr{font-variant:small-caps;border-bottom:none;text-decoration:none;cursor:inherit}.mw-parser-output .navbar-ct-full{font-size:114%;margin:0 7em}.mw-parser-output .navbar-ct-mini{font-size:114%;margin:0 4em}html.skin-theme-clientpref-night .mw-parser-output .navbar li a abbr{color:var(--color-base)!important}@media(prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .navbar li a abbr{color:var(--color-base)!important}}@media print{.mw-parser-output .navbar{display:none!important}}</style></div><div role="navigation" class="navbox" aria-label="Navbox" style="padding:3px"><table class="nowraplinks hlist navbox-inner" style="border-spacing:0;background:transparent;color:inherit"><tbody><tr><td colspan="2" class="navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks navbox-subgroup" style="border-spacing:0"><tbody><tr><td colspan="2" class="navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="col" class="navbox-title" colspan="2"><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/wiki/Template:Cryptography_public-key" title="Template:Cryptography public-key"><abbr title="View this template">v</abbr></a></li><li class="nv-talk"><a href="/wiki/Template_talk:Cryptography_public-key" title="Template talk:Cryptography public-key"><abbr title="Discuss this template">t</abbr></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:Cryptography_public-key" title="Special:EditPage/Template:Cryptography public-key"><abbr title="Edit this template">e</abbr></a></li></ul></div><div id="Public-key_cryptography" style="font-size:114%;margin:0 4em"><a href="/wiki/Public-key_cryptography" title="Public-key cryptography">Public-key cryptography</a></div></th></tr><tr><th scope="row" class="navbox-group" style="width:1%">Algorithms</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="row" class="navbox-group wraplinks" style="width:1%"><a href="/wiki/Integer_factorization" title="Integer factorization">Integer factorization</a></th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Benaloh_cryptosystem" title="Benaloh cryptosystem">Benaloh</a></li> <li><a href="/wiki/Blum%E2%80%93Goldwasser_cryptosystem" title="Blum–Goldwasser cryptosystem">Blum–Goldwasser</a></li> <li><a href="/wiki/Cayley%E2%80%93Purser_algorithm" title="Cayley–Purser algorithm">Cayley–Purser</a></li> <li><a href="/wiki/Damg%C3%A5rd%E2%80%93Jurik_cryptosystem" title="Damgård–Jurik cryptosystem">Damgård–Jurik</a></li> <li><a href="/wiki/GMR_(cryptography)" title="GMR (cryptography)">GMR</a></li> <li><a href="/wiki/Goldwasser%E2%80%93Micali_cryptosystem" title="Goldwasser–Micali cryptosystem">Goldwasser–Micali</a></li> <li><a href="/wiki/Naccache%E2%80%93Stern_cryptosystem" title="Naccache–Stern cryptosystem">Naccache–Stern</a></li> <li><a href="/wiki/Paillier_cryptosystem" title="Paillier cryptosystem">Paillier</a></li> <li><a href="/wiki/Rabin_cryptosystem" title="Rabin cryptosystem">Rabin</a></li> <li><a href="/wiki/RSA_(cryptosystem)" title="RSA (cryptosystem)">RSA</a></li> <li><a href="/wiki/Okamoto%E2%80%93Uchiyama_cryptosystem" title="Okamoto–Uchiyama cryptosystem">Okamoto–Uchiyama</a></li> <li><a href="/wiki/Schmidt-Samoa_cryptosystem" title="Schmidt-Samoa cryptosystem">Schmidt–Samoa</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group wraplinks" style="width:1%"><a href="/wiki/Discrete_logarithm" title="Discrete logarithm">Discrete logarithm</a></th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Boneh%E2%80%93Lynn%E2%80%93Shacham" class="mw-redirect" title="Boneh–Lynn–Shacham">BLS</a></li> <li><a href="/wiki/Cramer%E2%80%93Shoup_cryptosystem" title="Cramer–Shoup cryptosystem">Cramer–Shoup</a></li> <li><a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">DH</a></li> <li><a href="/wiki/Digital_Signature_Algorithm" title="Digital Signature Algorithm">DSA</a></li> <li><a href="/wiki/Elliptic-curve_Diffie%E2%80%93Hellman" title="Elliptic-curve Diffie–Hellman">ECDH</a> <ul><li><a href="/wiki/Curve25519" title="Curve25519">X25519</a></li> <li><a href="/wiki/Curve448" title="Curve448">X448</a></li></ul></li> <li><a href="/wiki/Elliptic_Curve_Digital_Signature_Algorithm" title="Elliptic Curve Digital Signature Algorithm">ECDSA</a></li> <li><a href="/wiki/EdDSA" title="EdDSA">EdDSA</a> <ul><li><a href="/wiki/EdDSA#Ed25519" title="EdDSA">Ed25519</a></li> <li><a href="/wiki/EdDSA#Ed448" title="EdDSA">Ed448</a></li></ul></li> <li><a href="/wiki/ECMQV" class="mw-redirect" title="ECMQV">ECMQV</a></li> <li><a href="/wiki/Encrypted_key_exchange" title="Encrypted key exchange">EKE</a></li> <li><a href="/wiki/ElGamal_encryption" title="ElGamal encryption">ElGamal</a> <ul><li><a href="/wiki/ElGamal_signature_scheme" title="ElGamal signature scheme">signature scheme</a></li></ul></li> <li><a href="/wiki/MQV" title="MQV">MQV</a></li> <li><a href="/wiki/Schnorr_signature" title="Schnorr signature">Schnorr</a></li> <li><a href="/wiki/SPEKE" title="SPEKE">SPEKE</a></li> <li><a class="mw-selflink selflink">SRP</a></li> <li><a href="/wiki/Station-to-Station_protocol" title="Station-to-Station protocol">STS</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group wraplinks" style="width:1%"><a href="/wiki/Lattice-based_cryptography" title="Lattice-based cryptography">Lattice/SVP/CVP</a>/<a href="/wiki/Learning_with_errors" title="Learning with errors">LWE</a>/<a href="/wiki/Short_integer_solution_problem" title="Short integer solution problem">SIS</a></th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/BLISS_signature_scheme" title="BLISS signature scheme">BLISS</a></li> <li><a href="/wiki/Kyber" title="Kyber">Kyber</a></li> <li><a href="/wiki/NewHope" title="NewHope">NewHope</a></li> <li><a href="/wiki/NTRUEncrypt" title="NTRUEncrypt">NTRUEncrypt</a></li> <li><a href="/wiki/NTRUSign" title="NTRUSign">NTRUSign</a></li> <li><a href="/wiki/RLWE-KEX" class="mw-redirect" title="RLWE-KEX">RLWE-KEX</a></li> <li><a href="/wiki/RLWE-SIG" class="mw-redirect" title="RLWE-SIG">RLWE-SIG</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group wraplinks" style="width:1%">Others</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Algebraic_Eraser" title="Algebraic Eraser">AE</a></li> <li><a href="/wiki/CEILIDH" title="CEILIDH">CEILIDH</a></li> <li><a href="/wiki/Efficient_Probabilistic_Public-Key_Encryption_Scheme" title="Efficient Probabilistic Public-Key Encryption Scheme">EPOC</a></li> <li><a href="/wiki/Hidden_Field_Equations" title="Hidden Field Equations">HFE</a></li> <li><a href="/wiki/Integrated_Encryption_Scheme" title="Integrated Encryption Scheme">IES</a></li> <li><a href="/wiki/Lamport_signature" title="Lamport signature">Lamport</a></li> <li><a href="/wiki/McEliece_cryptosystem" title="McEliece cryptosystem">McEliece</a></li> <li><a href="/wiki/Merkle%E2%80%93Hellman_knapsack_cryptosystem" title="Merkle–Hellman knapsack cryptosystem">Merkle–Hellman</a></li> <li><a href="/wiki/Naccache%E2%80%93Stern_knapsack_cryptosystem" title="Naccache–Stern knapsack cryptosystem">Naccache–Stern knapsack cryptosystem</a></li> <li><a href="/wiki/Three-pass_protocol" title="Three-pass protocol">Three-pass protocol</a></li> <li><a href="/wiki/XTR" title="XTR">XTR</a></li> <li><a href="/wiki/SQIsign" title="SQIsign">SQIsign</a></li></ul> </div></td></tr></tbody></table><div></div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Theory</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Discrete_logarithm#Cryptography" title="Discrete logarithm">Discrete logarithm cryptography</a></li> <li><a href="/wiki/Elliptic-curve_cryptography" title="Elliptic-curve cryptography">Elliptic-curve cryptography</a></li> <li><a href="/wiki/Hash-based_cryptography" title="Hash-based cryptography">Hash-based cryptography</a></li> <li><a href="/wiki/Non-commutative_cryptography" title="Non-commutative cryptography">Non-commutative cryptography</a></li> <li><a href="/wiki/RSA_problem" title="RSA problem">RSA problem</a></li> <li><a href="/wiki/Trapdoor_function" title="Trapdoor function">Trapdoor function</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Standardization</th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/CRYPTREC" title="CRYPTREC">CRYPTREC</a></li> <li><a href="/wiki/IEEE_P1363" title="IEEE P1363">IEEE P1363</a></li> <li><a href="/wiki/NESSIE" title="NESSIE">NESSIE</a></li> <li><a href="/wiki/NSA_Suite_B_Cryptography" title="NSA Suite B Cryptography">NSA Suite B</a></li> <li><a href="/wiki/Commercial_National_Security_Algorithm_Suite" title="Commercial National Security Algorithm Suite">CNSA</a></li> <li><a href="/wiki/NIST_Post-Quantum_Cryptography_Standardization" title="NIST Post-Quantum Cryptography Standardization">Post-Quantum Cryptography</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Topics</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Digital_signature" title="Digital signature">Digital signature</a></li> <li><a href="/wiki/Optimal_asymmetric_encryption_padding" title="Optimal asymmetric encryption padding">OAEP</a></li> <li><a href="/wiki/Public_key_fingerprint" title="Public key fingerprint">Fingerprint</a></li> <li><a href="/wiki/Public_key_infrastructure" title="Public key infrastructure">PKI</a></li> <li><a href="/wiki/Web_of_trust" title="Web of trust">Web of trust</a></li> <li><a href="/wiki/Key_size" title="Key size">Key size</a></li> <li><a href="/wiki/Identity-based_cryptography" title="Identity-based cryptography">Identity-based cryptography</a></li> <li><a href="/wiki/Post-quantum_cryptography" title="Post-quantum cryptography">Post-quantum cryptography</a></li> <li><a href="/wiki/OpenPGP_card" title="OpenPGP card">OpenPGP card</a></li></ul> </div></td></tr></tbody></table><div></div></td></tr></tbody></table><div></div></td></tr><tr><td colspan="2" class="navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks mw-collapsible mw-collapsed navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="col" class="navbox-title" colspan="2"><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/wiki/Template:Cryptography_navbox" title="Template:Cryptography navbox"><abbr title="View this template">v</abbr></a></li><li class="nv-talk"><a href="/wiki/Template_talk:Cryptography_navbox" title="Template talk:Cryptography navbox"><abbr title="Discuss this template">t</abbr></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:Cryptography_navbox" title="Special:EditPage/Template:Cryptography navbox"><abbr title="Edit this template">e</abbr></a></li></ul></div><div id="Cryptography" style="font-size:114%;margin:0 4em"><a href="/wiki/Cryptography" title="Cryptography">Cryptography</a></div></th></tr><tr><th scope="row" class="navbox-group" style="width:1%">General</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/History_of_cryptography" title="History of cryptography">History of cryptography</a></li> <li><a href="/wiki/Outline_of_cryptography" title="Outline of cryptography">Outline of cryptography</a></li> <li><a href="/wiki/Classical_cipher" title="Classical cipher">Classical cipher</a></li> <li><a href="/wiki/Cryptographic_protocol" title="Cryptographic protocol">Cryptographic protocol</a> <ul><li><a href="/wiki/Authentication_protocol" title="Authentication protocol">Authentication protocol</a></li></ul></li> <li><a href="/wiki/Cryptographic_primitive" title="Cryptographic primitive">Cryptographic primitive</a></li> <li><a href="/wiki/Cryptanalysis" title="Cryptanalysis">Cryptanalysis</a></li> <li><a href="/wiki/Cryptocurrency" title="Cryptocurrency">Cryptocurrency</a></li> <li><a href="/wiki/Cryptosystem" title="Cryptosystem">Cryptosystem</a></li> <li><a href="/wiki/Cryptographic_nonce" title="Cryptographic nonce">Cryptographic nonce</a></li> <li><a href="/wiki/Cryptovirology" title="Cryptovirology">Cryptovirology</a></li> <li><a href="/wiki/Hash_function" title="Hash function">Hash function</a> <ul><li><a href="/wiki/Cryptographic_hash_function" title="Cryptographic hash function">Cryptographic hash function</a></li> <li><a href="/wiki/Key_derivation_function" title="Key derivation function">Key derivation function</a></li> <li><a href="/wiki/Secure_Hash_Algorithms" title="Secure Hash Algorithms">Secure Hash Algorithms</a></li></ul></li> <li><a href="/wiki/Digital_signature" title="Digital signature">Digital signature</a></li> <li><a href="/wiki/Kleptography" title="Kleptography">Kleptography</a></li> <li><a href="/wiki/Key_(cryptography)" title="Key (cryptography)">Key (cryptography)</a></li> <li><a href="/wiki/Key_exchange" title="Key exchange">Key exchange</a></li> <li><a href="/wiki/Key_generator" title="Key generator">Key generator</a></li> <li><a href="/wiki/Key_schedule" title="Key schedule">Key schedule</a></li> <li><a href="/wiki/Key_stretching" title="Key stretching">Key stretching</a></li> <li><a href="/wiki/Keygen" title="Keygen">Keygen</a></li> <li><a href="/wiki/Template:Cryptography_machines" title="Template:Cryptography machines">Machines</a></li> <li><a href="/wiki/Cryptojacking_malware" class="mw-redirect" title="Cryptojacking malware">Cryptojacking malware</a></li> <li><a href="/wiki/Ransomware" title="Ransomware">Ransomware</a></li> <li><a href="/wiki/Random_number_generation" title="Random number generation">Random number generation</a> <ul><li><a href="/wiki/Cryptographically_secure_pseudorandom_number_generator" title="Cryptographically secure pseudorandom number generator">Cryptographically secure pseudorandom number generator</a> (CSPRNG)</li></ul></li> <li><a href="/wiki/Pseudorandom_noise" title="Pseudorandom noise">Pseudorandom noise</a> (PRN)</li> <li><a href="/wiki/Secure_channel" title="Secure channel">Secure channel</a></li> <li><a href="/wiki/Insecure_channel" class="mw-redirect" title="Insecure channel">Insecure channel</a></li> <li><a href="/wiki/Subliminal_channel" title="Subliminal channel">Subliminal channel</a></li> <li><a href="/wiki/Encryption" title="Encryption">Encryption</a></li> <li><a href="/wiki/Decryption" class="mw-redirect" title="Decryption">Decryption</a></li> <li><a href="/wiki/End-to-end_encryption" title="End-to-end encryption">End-to-end encryption</a></li> <li><a href="/wiki/Harvest_now,_decrypt_later" title="Harvest now, decrypt later">Harvest now, decrypt later</a></li> <li><a href="/wiki/Information-theoretic_security" title="Information-theoretic security">Information-theoretic security</a></li> <li><a href="/wiki/Plaintext" title="Plaintext">Plaintext</a></li> <li><a href="/wiki/Codetext" class="mw-redirect" title="Codetext">Codetext</a></li> <li><a href="/wiki/Ciphertext" title="Ciphertext">Ciphertext</a></li> <li><a href="/wiki/Shared_secret" title="Shared secret">Shared secret</a></li> <li><a href="/wiki/Trapdoor_function" title="Trapdoor function">Trapdoor function</a></li> <li><a href="/wiki/Trusted_timestamping" title="Trusted timestamping">Trusted timestamping</a></li> <li><a href="/wiki/Key-based_routing" title="Key-based routing">Key-based routing</a></li> <li><a href="/wiki/Onion_routing" title="Onion routing">Onion routing</a></li> <li><a href="/wiki/Garlic_routing" title="Garlic routing">Garlic routing</a></li> <li><a href="/wiki/Kademlia" title="Kademlia">Kademlia</a></li> <li><a href="/wiki/Mix_network" title="Mix network">Mix network</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Mathematics</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Cryptographic_hash_function" title="Cryptographic hash function">Cryptographic hash function</a></li> <li><a href="/wiki/Block_cipher" title="Block cipher">Block cipher</a></li> <li><a href="/wiki/Stream_cipher" title="Stream cipher">Stream cipher</a></li> <li><a href="/wiki/Symmetric-key_algorithm" title="Symmetric-key algorithm">Symmetric-key algorithm</a></li> <li><a href="/wiki/Authenticated_encryption" title="Authenticated encryption">Authenticated encryption</a></li> <li><a href="/wiki/Public-key_cryptography" title="Public-key cryptography">Public-key cryptography</a></li> <li><a href="/wiki/Quantum_key_distribution" title="Quantum key distribution">Quantum key distribution</a></li> <li><a href="/wiki/Quantum_cryptography" title="Quantum cryptography">Quantum cryptography</a></li> <li><a href="/wiki/Post-quantum_cryptography" title="Post-quantum cryptography">Post-quantum cryptography</a></li> <li><a href="/wiki/Message_authentication_code" title="Message authentication code">Message authentication code</a></li> <li><a href="/wiki/Cryptographically_secure_pseudorandom_number_generator" title="Cryptographically secure pseudorandom number generator">Random numbers</a></li> <li><a href="/wiki/Steganography" title="Steganography">Steganography</a></li></ul> </div></td></tr><tr><td class="navbox-abovebelow" colspan="2"><div> <ul><li><img alt="" src="//upload.wikimedia.org/wikipedia/en/thumb/9/96/Symbol_category_class.svg/16px-Symbol_category_class.svg.png" decoding="async" width="16" height="16" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/9/96/Symbol_category_class.svg/23px-Symbol_category_class.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/9/96/Symbol_category_class.svg/31px-Symbol_category_class.svg.png 2x" data-file-width="180" data-file-height="185" /> <a href="/wiki/Category:Cryptography" title="Category:Cryptography">Category</a></li></ul> </div></td></tr></tbody></table><div></div></td></tr></tbody></table></div>    </div><noscript><img src="https://login.wikimedia.org/wiki/Special:CentralAutoLogin/start?type=1x1" alt="" width="1" height="1" style="border: none; position: absolute;"></noscript> <div class="printfooter" data-nosnippet="">Retrieved from "<a dir="ltr" href="https://en.wikipedia.org/w/index.php?title=Secure_Remote_Password_protocol&oldid=1253658640">https://en.wikipedia.org/w/index.php?title=Secure_Remote_Password_protocol&oldid=1253658640</a>"</div></div> <div id="catlinks" class="catlinks" data-mw="interface"><div id="mw-normal-catlinks" class="mw-normal-catlinks"><a href="/wiki/Help:Category" title="Help:Category">Categories</a>: <ul><li><a href="/wiki/Category:Key-agreement_protocols" title="Category:Key-agreement protocols">Key-agreement protocols</a></li><li><a href="/wiki/Category:Password_authentication" title="Category:Password authentication">Password authentication</a></li></ul></div><div id="mw-hidden-catlinks" class="mw-hidden-catlinks mw-hidden-cats-hidden">Hidden categories: <ul><li><a href="/wiki/Category:Articles_with_short_description" title="Category:Articles with short description">Articles with short description</a></li><li><a href="/wiki/Category:Short_description_is_different_from_Wikidata" title="Category:Short description is different from Wikidata">Short description is different from Wikidata</a></li><li><a href="/wiki/Category:Wikipedia_articles_needing_clarification_from_February_2014" title="Category:Wikipedia articles needing clarification from February 2014">Wikipedia articles needing clarification from February 2014</a></li></ul></div></div> </div> </main> </div> <div class="mw-footer-container"> <footer id="footer" class="mw-footer" > <ul id="footer-info"> <li id="footer-info-lastmod"> This page was last edited on 27 October 2024, at 05:29 (UTC).</li> <li id="footer-info-copyright">Text is available under the <a href="/wiki/Wikipedia:Text_of_the_Creative_Commons_Attribution-ShareAlike_4.0_International_License" title="Wikipedia:Text of the Creative Commons Attribution-ShareAlike 4.0 International License">Creative Commons Attribution-ShareAlike 4.0 License</a>; additional terms may apply. By using this site, you agree to the <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Terms_of_Use" class="extiw" title="foundation:Special:MyLanguage/Policy:Terms of Use">Terms of Use</a> and <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy" class="extiw" title="foundation:Special:MyLanguage/Policy:Privacy policy">Privacy Policy</a>. Wikipedia® is a registered trademark of the <a rel="nofollow" class="external text" href="https://wikimediafoundation.org/">Wikimedia Foundation, Inc.</a>, a non-profit organization.</li> </ul> <ul id="footer-places"> <li id="footer-places-privacy"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy">Privacy policy</a></li> <li id="footer-places-about"><a href="/wiki/Wikipedia:About">About Wikipedia</a></li> <li id="footer-places-disclaimers"><a href="/wiki/Wikipedia:General_disclaimer">Disclaimers</a></li> <li id="footer-places-contact"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us">Contact Wikipedia</a></li> <li id="footer-places-wm-codeofconduct"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Universal_Code_of_Conduct">Code of Conduct</a></li> <li id="footer-places-developers"><a href="https://developer.wikimedia.org">Developers</a></li> <li id="footer-places-statslink"><a href="https://stats.wikimedia.org/#/en.wikipedia.org">Statistics</a></li> <li id="footer-places-cookiestatement"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Cookie_statement">Cookie statement</a></li> <li id="footer-places-mobileview"><a href="//en.m.wikipedia.org/w/index.php?title=Secure_Remote_Password_protocol&mobileaction=toggle_view_mobile" class="noprint stopMobileRedirectToggle">Mobile view</a></li> </ul> <ul id="footer-icons" class="noprint"> <li id="footer-copyrightico"><a href="https://wikimediafoundation.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/static/images/footer/wikimedia-button.svg" width="84" height="29" alt="Wikimedia Foundation" loading="lazy"></a></li> <li id="footer-poweredbyico"><a href="https://www.mediawiki.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/w/resources/assets/poweredby_mediawiki.svg" alt="Powered by MediaWiki" width="88" height="31" loading="lazy"></a></li> </ul> </footer> </div> </div> </div> <div class="vector-settings" id="p-dock-bottom"> <ul></ul> </div><script>(RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgHostname":"mw-web.codfw.main-65496f48b4-sdljj","wgBackendResponseTime":218,"wgPageParseReport":{"limitreport":{"cputime":"0.426","walltime":"0.594","ppvisitednodes":{"value":3158,"limit":1000000},"postexpandincludesize":{"value":100340,"limit":2097152},"templateargumentsize":{"value":4069,"limit":2097152},"expansiondepth":{"value":14,"limit":100},"expensivefunctioncount":{"value":3,"limit":500},"unstrip-depth":{"value":1,"limit":20},"unstrip-size":{"value":89075,"limit":5000000},"entityaccesscount":{"value":1,"limit":400},"timingprofile":["100.00% 451.023 1 -total"," 37.66% 169.869 4 Template:Navbox"," 23.94% 107.976 11 Template:Cite_web"," 23.00% 103.741 1 Template:Cryptography_navbox"," 15.36% 69.293 1 Template:Short_description"," 11.95% 53.884 1 Template:Cryptography_public-key"," 11.91% 53.733 1 Template:Clarify"," 10.99% 49.583 1 Template:Fix-span"," 9.98% 45.027 2 Template:Pagetype"," 8.79% 39.624 2 Template:Category_handler"]},"scribunto":{"limitreport-timeusage":{"value":"0.239","limit":"10.000"},"limitreport-memusage":{"value":5617669,"limit":52428800}},"cachereport":{"origin":"mw-web.codfw.main-f69cdc8f6-tc56n","timestamp":"20241123065823","ttl":2592000,"transientcontent":false}}});});</script> <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"Article","name":"Secure Remote Password protocol","url":"https:\/\/en.wikipedia.org\/wiki\/Secure_Remote_Password_protocol","sameAs":"http:\/\/www.wikidata.org\/entity\/Q576988","mainEntity":"http:\/\/www.wikidata.org\/entity\/Q576988","author":{"@type":"Organization","name":"Contributors to Wikimedia projects"},"publisher":{"@type":"Organization","name":"Wikimedia Foundation, Inc.","logo":{"@type":"ImageObject","url":"https:\/\/www.wikimedia.org\/static\/images\/wmf-hor-googpub.png"}},"datePublished":"2004-12-21T15:24:43Z","dateModified":"2024-10-27T05:29:50Z","headline":"cryptographic protocol for identification"}</script> </body> </html>