Secure Remote Password

Secure Remote Password: A Protocol for Password-Based Authentication
Password-based authentication is a common and convenient way for users to access online services and resources. However, it also poses many challenges and risks, such as:

How to securely transmit and store passwords over an insecure network?
How to prevent attackers from intercepting, guessing, or cracking passwords?
How to verify the identity of both the user and the server without revealing passwords?
One possible solution to these problems is Secure Remote Password (SRP), a protocol that performs secure remote authentication of short human-memorizable passwords and resists both passive and active network attacks.

What is SRP?
SRP is a secure augmented password-authenticated key agreement (PAKE) protocol that allows a client and a server to establish a shared secret key based on a user’s password, without ever sending or storing the password in plain text or hashed form.

SRP is a zero-knowledge proof protocol, which means that both the client and the server can prove their knowledge of the password without revealing it or any information derived from it. This way, an eavesdropper or a man-in-the-middle cannot obtain any meaningful information to perform an attack.

SRP also provides mutual authentication, which means that both the client and the server can verify each other’s identity and ensure that no imposter party is involved.

Additionally, SRP offers a secure session encryption key, which can be used by the client and the server to encrypt and decrypt their subsequent communications, providing higher security on top of TLS.

How does SRP work?
SRP consists of three steps: registration, authentication, and verification.

Registration
This is the first step in the process, in which the user creates an account with a password on the server. The client performs the following steps:

Choose a username and a password
Generate a random salt
Compute x = H(salt | H(username | “:” | password)), where H is a hash function and | is concatenation
Compute v = g^x mod N, where g and N are large public parameters
Send username, salt, and v to the server
The server stores these values in its database. Note that the server does not store the password or any information equivalent to it.

Authentication
This is the second step in the process, in which the user requests access to a service or resource on the server. The client and the server perform the following steps:

The client sends username to the server
The server looks up salt and v for username in its database and sends salt to the client
The client computes x = H(salt | H(username | “:” | password)) as before
The client generates a random value a and computes A = g^a mod N
The server generates a random value b and computes B = kv + g^b mod N, where k is a public parameter
The client and the server exchange A and B
The client checks that B != 0
The server checks that A != 0
The client computes u = H(A | B) and S = (B - kgx)(a + ux) mod N
The server computes u = H(A | B) and S = (A(vu))b mod N
The client and the server compute K = H(S), which is their shared secret key
Verification
This is the final step in the process, in which the client and the server confirm that they have derived the same shared secret key. The client and the server perform the following steps:

The client computes M1 = H(H(N) xor H(g) | H(username) | salt | A | B | K)
The server computes M1’ = H(H(N) xor H(g) | H(username) | salt | A | B | K)
The client sends M1 to the server
The server checks that M1 == M1’
The server computes M2 = H(A | M1 | K)
The client computes M2’ = H(A | M1 | K)
The server sends M2 to the client
The client checks that M2 == M2’
If all these checks pass, then both parties have successfully authenticated each other and can use K to encrypt their communications.

There are several reasons why you might want to use secure remote password for password-based authentication, such as:

Security: SRP protects your passwords from being exposed or compromised over an insecure network, as they are never sent or stored in plain text or hashed form. SRP also prevents attackers from intercepting, guessing, or cracking your passwords by using a zero-knowledge proof protocol that does not reveal any information about your passwords. SRP also provides mutual authentication, which means that you can verify the identity of both the user and the server without revealing passwords.
Convenience: SRP simplifies your user experience by allowing you to sign in with your existing passwords on other platforms and avoid creating new usernames and passwords. SRP also offers a secure session encryption key, which can be used to encrypt and decrypt your subsequent communications, providing higher security on top of TLS.
Interoperability: SRP is a standard protocol that has been widely adopted and implemented by various platforms and services. SRP is compatible with different types of clients and servers, such as web applications, desktop applications, mobile apps, connected devices, etc. SRP also has multiple interoperating implementations in different programming languages and frameworks.

Some of the drawbacks of secure remote password are:

Complexity: SRP involves many steps and calculations that may be difficult to implement and understand. SRP also requires both the client and the server to have access to certain public parameters, such as g, N, and k, which may vary depending on the implementation. SRP also has different versions and variants, such as SRP-6 and SRP-6a, which may not be compatible with each other.
Limitations: SRP may not work well with some websites or applications that have complex or dynamic login processes, such as captchas, one-time codes, or multifactor authentication. In these cases, the client may have to manually enter the password or use alternative methods. SRP also does not provide any protection against phishing attacks, where the user may be tricked into entering their password on a fake website or application.
Trade-offs: SRP creates a single point of failure, meaning that if someone gains access to the master password or the password manager account, they can potentially compromise all the other passwords. Therefore, the user needs to protect their master password with extra security measures, such as two-factor authentication, biometric verification, or a recovery code. SRP also relies on the user to choose a strong and unique password for each account, which may not be easy or convenient for some users.