Interview with Tom Wu, inventor of the SRP protocol

January 04, 2007

At Clipperz we are huge fan of cryptography as a tool to empower users and protect freedom, therefore we are beholden to all the people who contributed to the development of this science. Among them a special thanks goes to Tom Wu who invented SRP, the Secure Remote Password protocol, at Stanford University during the late nineties. Today SRP is a widely appreciate authentication method and it is our choice for Clipperz online password manager. Tom Wu was so kind to answer some of our questions about SRP and its chances to gain even more traction in the future.

SRP is provably more secure than most authentication protocols used by online service providers. Which are the main obstacles to its widespread adoption?

TW: In many ways, SRP represents the “best of both worlds” when it comes to online authentication using a human-memorized password. In a nutshell, it provides security against both passive and active network attackers, a level of security that traditionally required some form of public-key infrastructure to obtain, without the overhead and cost of maintaining such an infrastructure. Instead it leverages the strength of the shared password, which is already being managed, and imposes no additional infrastructure requirements on the application.

Ironically, this is also precisely the biggest political obstacle SRP faces, because it in effect cuts out the middleman and allows direct user authentication without expensive infrastructure to secure that initial connection before sending the password. It is understandable and commonplace that corporations that sell a product would be opposed to alternatives that eliminate the need for that product, even if the alternative is a net win for the end user. In past years, implementors were concerned about strong password protocols because most of them had patent restrictions, but because SRP has a well-established free license, those concerns have fallen by the wayside and SRP can move on to the next phase.

Incidentally, because SRP does not store plaintext passwords on the server side but instead uses what is known as a “non plaintext-equivalent verifier”, it may indirectly help with problems like the one recently occurred to Reddit.

Are you aware of any online service that uses SRP?

TW: The best example is probably GoToMyPC. Their security white paper (pdf) is an excellent resource and describes how SRP is used to secure end-to-end communications between the client and a remote host computer based on shared knowledge of a password. (See also the related Certicom press release.)

Would you recommend JavaScript to implement the SRP steps on the client side?

TW: It wouldn’t necessarily be my first choice of programming environment, but it is possible to do the large number arithmetic required by SRP in JavaScript. Naturally, one concern would be performance, both in terms of loading the code and executing the protocol steps. Another concern, which is ever-present with pure JavaScript apps, is the phishing attack; how do you know the page you are seeing is really executing the SRP protocol and not just sending your password to the attacker?

This is a very challenging aspect of designing and implementing security on the Web. As long as these concerns are addressed and managed, though, JavaScript can be a viable environment to implement an SRP client.

Is the Stanford SRP Authentication Project still alive?

TW: The Stanford SRP Authentication Project has largely served its purpose already in getting the word out about SRP and hosting a reference implementation of an application suite secured with FTP. Nowadays, most of the real work is going on in standards bodies like the IETF, IEEE, and ISO, as well as on the “front lines” with implementations such as yours.

How could we contribute to the SRP project and success?

TW: What you’re doing so far is definitely on the right track.

I think this area is one in which Open Source software has a big advantage, because it can move quickly on an idea and not be burdened by bureaucracy or politics, but instead can focus on delivering security to the end user using the best technical solution. All it takes is some courage and persistence.

So keep doing what you’re doing - stand as one more example of how SRP can be used as part of an Internet security solution. To that end, I really should be asking you what I can do to contribute to your project’s success.

Thanks for the opportunity to speak out on a subject very important to me.