Secure (interoperable) Remote Password Authentication
SRP allows users to mutually authenticate with a server without ever sending a password over the wire. Nearly 100% of websites today use the less secure method of sending your password to the remote server, hashing it, and then comparing it to a stored hash. SRP instead uses cryptographic primitives to authenticate you and securely negotiate a cryptographic key that you can use for encrypted session communications.
To use this demo, first register a username and password. Once registered, log in using the same credentials to authenticate using SRP.
In this step a new user is registered by generating a salt and verifier in the browser and posting those attributes to the /users endpoint on the server.
In this step an existing user requests an SRP protocol login. The first step is to retrieve the user's 'salt' and the server's 'B' values from the server and use those to bootstrap the rest of the authentication process.
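The registration and login steps above, carried through as SRP-6a arithmetic with both parties in one file. This is an added example, not the demo's own code: the hash (SHA-256), the RFC 5054 3072-bit group, and all function names are assumptions, and Node's crypto module stands in for the browser's.

```javascript
const crypto = require("node:crypto"); // Node stand-in for the browser's crypto

// Assumption: RFC 5054 3072-bit group (prime of RFC 3526 group 15, generator 5).
const N = BigInt("0x" + crypto.getDiffieHellman("modp15").getPrime("hex"));
const g = 5n, LEN = 384; // LEN = byte length of N, used for padding

const pad = (n, len = LEN) => Buffer.from(n.toString(16).padStart(len * 2, "0"), "hex");
const H = (...parts) => BigInt("0x" + crypto.createHash("sha256")
  .update(Buffer.concat(parts.map((p) => Buffer.from(p)))).digest("hex"));
const rand = () => BigInt("0x" + crypto.randomBytes(32).toString("hex"));
function modPow(base, exp, mod) {
  let r = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n, base = (base * base) % mod)
    if (exp & 1n) r = (r * base) % mod;
  return r;
}
const k = H(pad(N), pad(g)); // SRP-6a multiplier
// x = H(salt | H(user ":" password)); only the client can compute it
const privateKey = (salt, user, pw) => H(salt, pad(H(`${user}:${pw}`), 32));

// Registration (browser side): the attributes that get POSTed to /users.
function register(user, password) {
  const salt = crypto.randomBytes(16);
  const v = modPow(g, privateKey(salt, user, password), N);
  return { user, salt, v }; // no password and no password hash
}

// Login: both parties in one function so the algebra is visible.
function login(record, user, password) {
  const b = rand(), B = (k * record.v + modPow(g, b, N)) % N; // server -> client: salt, B
  const a = rand(), A = modPow(g, a, N);                      // client -> server: A
  const u = H(pad(A), pad(B));
  // Each side must reject these values or the session key becomes predictable.
  if (A % N === 0n || B % N === 0n || u === 0n) throw new Error("illegal SRP value");
  const x = privateKey(record.salt, user, password);
  const clientS = modPow((B + N - (k * modPow(g, x, N)) % N) % N, a + u * x, N);
  const serverS = modPow((A * modPow(record.v, u, N)) % N, b, N);
  return { clientK: H(pad(clientS)), serverK: H(pad(serverS)) };
}

const rec = register("alice", "correct horse"); // constructed sample credentials
const good = login(rec, "alice", "correct horse");
console.log("keys match with the right password:", good.clientK === good.serverK);
```

A real exchange never compares the two keys directly; each side sends a proof derived from its key, and the other side checks it.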
Enter something you wish you hadn't? Flush the database of all credentials!