TLS-SRP
Encyclopedia
Transport layer security
Secure Remote Password
(TLS-SRP) ciphersuites are a set of cryptographic protocol
s that provide secure
communication based on password
s, using an SRP
password-authenticated key exchange.
There are two classes of TLS-SRP ciphersuites: The first class of cipher suites uses only SRP
authentication. The second class uses SRP
authentication and public key certificate
s together for added security.
Usually, TLS uses only public key certificate
s for authentication. TLS-SRP uses a value derived from a password (the SRP
verifier) and a salt, shared in advance among the communicating parties, to establish a TLS connection. There are several reasons to use TLS-SRP:
, Apache mod_gnutls, cURL
, and TLS Lite.
Transport Layer Security
Transport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
Secure Remote Password
Secure remote password protocol
The Secure Remote Password protocol is a password-authenticated key agreement protocol.- Overview :The SRP protocol has a number of desirable properties: it allows a user to authenticate themselves to a server, it is resistant to dictionary attacks mounted by an eavesdropper, and it does not...
(TLS-SRP) ciphersuites are a set of cryptographic protocol
Cryptographic protocol
A security protocol is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods.A protocol describes how the algorithms should be used...
s that provide secure
Security
Security is the degree of protection against danger, damage, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies in the OSSTMM 3 defines security as "a form of protection...
communication based on password
Password
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
s, using an SRP
Secure remote password protocol
The Secure Remote Password protocol is a password-authenticated key agreement protocol.- Overview :The SRP protocol has a number of desirable properties: it allows a user to authenticate themselves to a server, it is resistant to dictionary attacks mounted by an eavesdropper, and it does not...
password-authenticated key exchange.
There are two classes of TLS-SRP ciphersuites: The first class of cipher suites uses only SRP
Secure remote password protocol
The Secure Remote Password protocol is a password-authenticated key agreement protocol.- Overview :The SRP protocol has a number of desirable properties: it allows a user to authenticate themselves to a server, it is resistant to dictionary attacks mounted by an eavesdropper, and it does not...
authentication. The second class uses SRP
Secure remote password protocol
The Secure Remote Password protocol is a password-authenticated key agreement protocol.- Overview :The SRP protocol has a number of desirable properties: it allows a user to authenticate themselves to a server, it is resistant to dictionary attacks mounted by an eavesdropper, and it does not...
authentication and public key certificate
Public key certificate
In cryptography, a public key certificate is an electronic document which uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so forth...
s together for added security.
Usually, TLS uses only public key certificate
Public key certificate
In cryptography, a public key certificate is an electronic document which uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so forth...
s for authentication. TLS-SRP uses a value derived from a password (the SRP
Secure remote password protocol
The Secure Remote Password protocol is a password-authenticated key agreement protocol.- Overview :The SRP protocol has a number of desirable properties: it allows a user to authenticate themselves to a server, it is resistant to dictionary attacks mounted by an eavesdropper, and it does not...
verifier) and a salt, shared in advance among the communicating parties, to establish a TLS connection. There are several reasons to use TLS-SRP:
- Using password-based authentication does not require reliance on certificate authoritiesCertificate authorityIn cryptography, a certificate authority, or certification authority, is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate...
.
- Password authentication is less prone than certificate authentication to certain types of configuration mistakes, such as expired certificates or mismatched common name fields.
- TLS-SRP provides mutual authentication (the client and server both authenticate each other), while TLSTransport Layer SecurityTransport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
with server certificates only authenticates the server to the client. Client certificates can authenticate the client to the server, but it may be easier for a user to remember a password than to install a certificate.
Implementations
TLS-SRP is implemented in GnuTLSGnuTLS
GnuTLS , the GNU Transport Layer Security Library, is a free software implementation of the SSL and TLS protocols. Its purpose is to offer an application programming interface for applications to enable secure communication protocols over their network transport layer.-Features:GnuTLS consists of...
, Apache mod_gnutls, cURL
CURL
cURL is a computer software project providing a library and command-line tool for transferring data using various protocols. The cURL project produces two products, libcurl and cURL...
, and TLS Lite.