Resource Overview
An implementation of SRP - Secure Remote Password Protocol. See http://srp.stanford.edu and http://srp.stanford.edu/ndss.html.
SRP attempts to eliminate many of the security problems involved in client/server user authentication. I don't understand the math, but the ideas are fairly simple. On the server, store a mathematically generated number that is based on a user-chosen password and a randomly generated "salt". Both the client and server maintain a predetermined prime number "N" and a "primitive root" based on N called "g". The nature of all these numbers allows authentication without the server needing to save the password. The client asks for the salt that was created, then a series of calculations is performed, with the client and server exchanging the calculated values. At the end of this, both the client and server can safely know that authentication has occurred.
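The exchange described above, written out as an added example (not code from this implementation). It assumes the SRP-6a variant, SHA-256, and the 1024-bit group from RFC 5054 Appendix A; the function names are hypothetical and the proof message is a simplified form, not the one a deployed SRP library sends.

```python
import hashlib, hmac, secrets

# Assumption: 1024-bit group from RFC 5054 Appendix A (the page names no specific N or g).
N = int("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C"
        "9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE4"
        "8E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B29"
        "7BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9A"
        "FD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
NLEN = (N.bit_length() + 7) // 8

def pad(n): return n.to_bytes(NLEN, "big")
def H(*parts): return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

k = H(pad(N), pad(g))  # SRP-6a multiplier

def private_x(salt, user, password):
    inner = hashlib.sha256(user + b":" + password).digest()
    return H(salt, inner)

def register(user, password):
    """Enrolment: the server keeps (salt, v) and never sees or stores the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, user, password), N)

def login(user, password, salt, v):
    """One login with both sides inline. Returns (client_key, server_key, server_accepts)."""
    a = secrets.randbelow(N - 2) + 1              # client secret
    A = pow(g, a, N)                              # client -> server: user, A
    b = secrets.randbelow(N - 2) + 1              # server secret
    B = (k * v + pow(g, b, N)) % N                # server -> client: salt, B
    u = H(pad(A), pad(B))
    if A % N == 0 or B % N == 0 or u == 0:        # each side must reject these values
        raise ValueError("illegal SRP public value")
    x = private_x(salt, user, password)
    S_c = pow((B - k * pow(g, x, N)) % N, a + u * x, N)   # client's view of the secret
    S_s = pow(A * pow(v, u, N) % N, b, N)                 # server's view, from v only
    K_c = hashlib.sha256(pad(S_c)).digest()
    K_s = hashlib.sha256(pad(S_s)).digest()
    M1 = hashlib.sha256(pad(A) + pad(B) + K_c).digest()   # client -> server: proof (simplified)
    expected = hashlib.sha256(pad(A) + pad(B) + K_s).digest()
    return K_c, K_s, hmac.compare_digest(M1, expected)
```

The server side uses only `salt` and `v`, so a stolen credential table does not directly reveal passwords, though it still permits offline guessing against each verifier.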
From the SRP website, SRP assures: