#authentication #security #crypto #rust #srp


rust secure remote password authentication flow

9 releases

0.1.8 Feb 6, 2021
0.1.7 Feb 6, 2021
0.1.5 Jan 31, 2021

#679 in Cryptography

26 downloads per month


410 lines

SRP (secure remote password)

Implementation based on the RFC5054 specification. See also the SRP description at Wikipedia.

Only SHA-256 is currently supported, others are planned in the future.


Add the library to your cargo.toml:

rust-srp = "0.1.8"


High-level description of the client-server interaction. An example can also be found from the test case test_srp_client_server.

Client routine

let n = <bigint>;
let g = <bigint>;
// Create the client
let mut client = SrpClient::new(n.clone(), g.clone());
// Create public key (A, bigint)
let a = client.step_1(<username>.clone(), <password>.clone());
// Create a client evidence (M1, bigint)
let m_1 = client.step_2(<salt>.clone(), b.clone());
// Validate server evidence (M2, bigint).
// Note: At this point the client is no longer usable, as it has passed its ownership to the function.

Server routine

let n = <bigint>;
let g = <bigint>;
// Create server with the public client key A
let mut server = SrpServer::new(a, n.clone(), g.clone());
// Create public key B by locating the SRP params for user identity I
let b = server.step_1(<username>.clone(), <salt>.clone(), <verifier>.clone());
// Validate client evidence M1, and create server evidence M2.
// Note: At this point the server is no longer valid, as it has passed its ownership to the function.
let m_2 = server.step_2(m_1);
// If M1 is valid, then from the server's point of view, client is now authenticated


~38K SLoC