What Is Secure Remote Password (SRP) Protocol and How to Use It?
“Password”: this crazy piece of string is worth a lot and gets a lot of attention, yet it is very hard to process and hide. Even with a multi-factor approach, it is crucial to design the first factor (what the user knows) right.
It keeps getting harder for software systems to authenticate their users securely and to process the sensitive password in the right, secure way. One of the most common approaches is,
Password-Hashing:
Storing a salted, hashed version of the password computed with a slow password-hashing algorithm like Argon2, bcrypt, etc., and using that hash (never the password itself) to authenticate users. By now this is the minimum baseline for handling sensitive secrets like passwords; anything below this (plain text, or merely encoded) means you are probably doing something bad: stop it, go back to safety!
Hashed passwords offer a good trade-off between simplicity and security, but for highly sensitive information or systems they have their own drawbacks:
- They need a trusted server to securely process and store the hashed passwords: the client sends the plaintext password to the server, which hashes it, so the server (and its logs) see the password on every login (it promises not to log them 😀)
- An attacker who obtains a breached database of hashes can run an offline dictionary attack with a large password list and determine users' passwords; a slow, salted hash only makes each guess more expensive, it does not make the attack impossible
- An attacker who can intercept the connection (MITM attack) sees the password in transit, because it is the password itself, not a hash, that travels from client to server…
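The following is an added example, not code from the original post, showing the password-hashing baseline described above and the offline dictionary attack listed as its first drawback. Argon2 and bcrypt are not in the Python standard library, so it uses scrypt where `hashlib` provides it and PBKDF2-HMAC-SHA256 otherwise; the `$alg$params$salt$hash` record format, the cost parameters, and the function names (`hash_password`, `verify_password`, `needs_rehash`, `dictionary_attack`) are this example's own assumptions, not any library's API.

```python
import base64
import hashlib
import hmac
import os

# Cost parameters are this example's assumption; tune them to your hardware so
# one hash takes tens to hundreds of milliseconds on the server.
SCRYPT_PARAMS = {"n": 2 ** 14, "r": 8, "p": 1}   # 16 MiB of memory per hash
PBKDF2_ITERATIONS = 200_000


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def _derive(alg: str, params: dict, salt: bytes, password: str) -> bytes:
    """Run the named slow hash over (salt, password) and return 32 bytes."""
    pw = password.encode("utf-8")
    if alg == "scrypt":
        return hashlib.scrypt(pw, salt=salt, n=params["n"], r=params["r"],
                              p=params["p"], dklen=32)
    if alg == "pbkdf2-sha256":
        return hashlib.pbkdf2_hmac("sha256", pw, salt, params["i"], dklen=32)
    raise ValueError(f"unsupported algorithm {alg}")


def hash_password(password: str) -> str:
    """Return a self-describing record: $alg$params$salt$hash (example format)."""
    salt = os.urandom(16)  # fresh random salt per password, stored with the hash
    if hasattr(hashlib, "scrypt"):
        alg, params = "scrypt", dict(SCRYPT_PARAMS)
        ptxt = "n={n},r={r},p={p}".format(**params)
    else:
        alg, params = "pbkdf2-sha256", {"i": PBKDF2_ITERATIONS}
        ptxt = "i={i}".format(**params)
    digest = _derive(alg, params, salt, password)
    return f"${alg}${ptxt}${_b64(salt)}${_b64(digest)}"


def _parse(stored: str):
    _, alg, ptxt, salt_b64, hash_b64 = stored.split("$")
    params = {k: int(v) for k, v in (kv.split("=") for kv in ptxt.split(","))}
    return alg, params, base64.b64decode(salt_b64), base64.b64decode(hash_b64)


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt/params and compare in constant time."""
    alg, params, salt, expected = _parse(stored)
    candidate = _derive(alg, params, salt, password)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str) -> bool:
    """True when the record uses weaker parameters than the current policy,
    so the server should re-hash on the next successful login."""
    alg, params, _, _ = _parse(stored)
    if alg == "scrypt":
        return params["n"] < SCRYPT_PARAMS["n"]
    if alg == "pbkdf2-sha256":
        return hasattr(hashlib, "scrypt") or params["i"] < PBKDF2_ITERATIONS
    return True


def dictionary_attack(stored: str, wordlist):
    """What an attacker does with a breached record: try each candidate from a
    password list against the stored salt and parameters. The slow hash only
    bounds the guess rate; if the password is in the list, it is recovered."""
    for guess in wordlist:
        if verify_password(guess, stored):
            return guess
    return None


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("login ok:", verify_password("correct horse battery staple", record))
    # Constructed wordlist standing in for a real leaked-password dictionary.
    print("cracked:", dictionary_attack(record, ["123456", "password", "correct horse battery staple"]))
```

Two things the record format buys you: the salt and cost parameters travel with each hash, so verification never depends on global configuration, and `needs_rehash` lets you raise the cost (or move from PBKDF2 to scrypt) transparently the next time a user logs in. Note that none of this removes the drawbacks listed above: the server still receives the plaintext password, and a breached record is still attackable offline, just more slowly.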