SRP secure remote password authentication

Tom Wu tom at
Thu Sep 18 07:28:48 EST 2003


With "plain" SRP, the server has a verifier and the client has the 
actual password.  The server's long-term secret is derivable from the 
client's long-term secret but not vice-versa.  SRP-Z adds a server 
"password" and a client "verifier", which assures the client explicitly 
that the server knows its password.  With "plain" SRP, all you know is 
that the server has the right verifier.  For example, under "plain" SRP, 
if you wrote your password on your monitor, an attacker could use that 
information to impersonate a server that you were SSHing to, but SRP-Z 
would prevent that.  The downside is that clients need to keep 
information about specific servers' "verifier" info around.

SSH/OpenSSH doesn't really need SRP-Z since it already uses host keys to 
authenticate the server.  Tom Holroyd's patches to OpenSSH implement 
"plain" royalty-free SRP as a result.


Edward Flick wrote:
> Hello Tom,
> Since I am just now realizing you monitor this list.  Exactly, what is
> implied by the SRP-Z license?  As you can implicitly determine (by
> successful negotation) if the server on the other end is the server you
> intended to communicate with, exactly what is the differentiating factor
> between SRP and SRP-Z.
> Edward Flick
> -----Original Message-----
> From: at
> [ at]On
> Behalf Of Tom Wu
> Sent: Wednesday, September 17, 2003 2:20 PM
> To: Markus Friedl
> Cc: openssh-unix-dev at; Jeremy Nysen
> Subject: Re: SRP secure remote password authentication
> SRP is, if anything, the protocol with the *least* problematic patent
> license:
> since royalty-free terms are offered.  If that isn't good enough for
> OpenSSH, then neither is DSA.
> Tom
> Markus Friedl wrote:
>>SRP and similar protocols have patent problems.
>>are there any without?
>>On Wed, Sep 17, 2003 at 11:00:18AM +1000, Jeremy Nysen wrote:
>>>Are there any plans to include support for SRP or a similar zero-knowledge
>>>password protocol into OpenSSH?
>>>openssh-unix-dev mailing list
>>>openssh-unix-dev at
>>openssh-unix-dev mailing list
>>openssh-unix-dev at
> --
> Tom Wu
> Chief Security Architect
> Arcot Systems
> (408) 969-6124
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at

Tom Wu
Chief Security Architect
Arcot Systems
(408) 969-6124

More information about the openssh-unix-dev mailing list