SiRP Demo

Secure (interoperable) Remote Password Authentication


This is a demo of the SiRP Ruby Gem and the JSRP JavaScript client. SiRP is an implementation of the Secure Remote Password (SRP-6a) protocol. The code for this demo can be found at grempe/sirp-demo.

SRP allows users to mutually authenticate with a server without ever sending a password over the wire. Nearly 100% of websites today use the less secure method of sending your password to the remote server, hashing it, and then comparing it to a stored hash. SRP instead uses cryptographic primitives to authenticate you and to securely negotiate a shared cryptographic key that you can use for encrypted session communications.

To use this demo, first register a username and password. Once registered, log in using the same credentials to authenticate using SRP.

User Registration

In this step a new user is registered by generating a salt and verifier in the browser and posting those attributes to the /users endpoint on the server. The password itself never leaves the browser.


User Login

In this step an existing user requests an SRP protocol login. The first step is to retrieve the user's 'salt' and the server's 'B' value from the server and use those to bootstrap the rest of the authentication process.
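As an added example (not the SiRP gem's or JSRP's own code, whose hashing, padding and hex-encoding conventions differ), the following single-file Ruby sketch carries both steps above through end to end: registration yields only a salt and verifier, and login runs the A/B exchange plus the M1/M2 mutual proofs on both sides. The hash layout is a simplified assumption and the 1024-bit group constant is taken from RFC 5054.

```ruby
require 'digest'
require 'securerandom'

# RFC 5054 1024-bit group, g = 2 (assumed constant; verify against the RFC before reuse).
N = Integer(('EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576' \
             'D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1' \
             '5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC' \
             '68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3'), 16)
G = 2

# H over the hex encodings of its arguments (simplified layout), returned as an Integer.
def h(*parts)
  Integer(Digest::SHA256.hexdigest(parts.map { |p| p.is_a?(Integer) ? p.to_s(16) : p }.join), 16)
end
K_MULT = h(N, G) # SRP-6a multiplier k = H(N, g)

# Registration: the browser derives salt and verifier; only these are posted to /users.
def register(username, password)
  salt = SecureRandom.hex(16)
  x = h(salt, Digest::SHA256.hexdigest("#{username}:#{password}"))
  { username: username, salt: salt, verifier: G.pow(x, N) }
end

# Login: client and server each derive the session key from A, B and the salt,
# then prove it with M1 / M2. Returns true only if both proofs verify.
def login(record, username, password)
  a = Integer(SecureRandom.hex(32), 16)
  aa = G.pow(a, N)                                     # client -> server: A
  return false if aa % N == 0                          # server rejects A == 0 mod N
  b = Integer(SecureRandom.hex(32), 16)
  bb = (K_MULT * record[:verifier] + G.pow(b, N)) % N  # server -> client: salt, B
  return false if bb % N == 0                          # client rejects B == 0 mod N
  u = h(aa, bb)
  return false if u == 0

  # Client side: needs only salt, B and the password the user typed.
  x = h(record[:salt], Digest::SHA256.hexdigest("#{username}:#{password}"))
  s_client = ((bb - K_MULT * G.pow(x, N)) % N).pow(a + u * x, N)
  k_client = h(s_client)
  m1 = h(aa, bb, k_client)                             # client -> server: M1

  # Server side: needs only the stored verifier, never the password.
  s_server = (aa * record[:verifier].pow(u, N) % N).pow(b, N)
  k_server = h(s_server)
  return false unless h(aa, bb, k_server) == m1        # server checks the client's proof
  m2 = h(aa, m1, k_server)                             # server -> client: M2
  m2 == h(aa, m1, k_client)                            # client checks the server's proof
end
```

A wrong password changes x on the client only, so M1 fails server-side and the login returns false without the server ever learning the attempted password.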

Enter something you wish you hadn't? Flush the database of all credentials!