Ruby Docs: http://www.rubydoc.info/gems/sirp

This is a pure Ruby implementation of the Secure Remote Password protocol (SRP-6a), which is a 'zero-knowledge' mutual authentication system.

SRP is a protocol that allows mutual authentication of a client and server over an insecure network connection without revealing the password to the server or to an eavesdropper. If the client lacks the user's password, or the server lacks the proper verification key, the authentication will fail. This approach is much more secure than the vast majority of authentication systems in common use, since the password is never sent over the wire. The password cannot be intercepted, or revealed in a server breach, unless the verifier can be reversed. Since the verifier is derived from the password and salt through cryptographic one-way hash functions and modular exponentiation, attacking the verifier to retrieve a password would be of similar difficulty to deriving a private encryption key from its public key: extremely difficult, if not impossible.

Unlike other common challenge-response authentication protocols, such as Kerberos and SSL, SRP does not rely on an external infrastructure of trusted key servers or complex certificate management.

At the end of the authentication process both the client and the server will have negotiated a shared strong encryption key suitable for encrypted session communications. This key is negotiated through a modified Diffie-Hellman key exchange and the key is never sent over the wire.

SiRP is designed to be interoperable with a Ruby client and server, or with Ruby on the server side and the JSRP JavaScript client running in a browser.
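The exchange described above, as an added example that is not SiRP's own code or API: a compact SRP-6a round trip in plain Ruby using SHA-256, the 1024-bit group from RFC 5054 (g = 2) and the RFC 5054 message formulas (k = H(N | PAD(g)), u = H(PAD(A) | PAD(B)), x = H(s | H(I ":" p))). The module name TinySRP and the method names (generate_verifier, process_challenge, process_proof, verify_server, run_exchange) are this example's own. It shows the three properties the description relies on: the server stores only (salt, verifier), the password never leaves the client, and a wrong password fails the proof while a correct one leaves both sides holding the same session key K.

```ruby
require 'openssl'
require 'securerandom'

module TinySRP
  # 1024-bit safe-prime group from RFC 5054, Appendix A (generator g = 2).
  N = Integer(%w[
    EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576
    D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1
    5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC
    68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3
  ].join, 16)
  G = 2
  NBYTES = (N.bit_length + 7) / 8

  module_function

  # Integer -> big-endian bytes, left-padded to the group size (RFC 5054 PAD()).
  def i2b(i, len = NBYTES)
    [i.to_s(16).rjust(len * 2, '0')].pack('H*')
  end

  def b2i(bytes)
    bytes.unpack1('H*').to_i(16)
  end

  # H(): SHA-256 over the raw-byte concatenation of all arguments.
  def h(*parts)
    OpenSSL::Digest::SHA256.digest(parts.map(&:b).join)
  end

  def xor_bytes(a, b)
    a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
  end

  # Length-independent comparison for the proofs (avoids early-exit on first mismatch).
  def same_bytes?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # SRP-6a multiplier k = H(N | PAD(g)).
  K_MULT = b2i(h(i2b(N), i2b(G)))

  # Registration: x = H(s | H(I ":" p)), v = g^x mod N. The server keeps only (s, v).
  def generate_verifier(username, password, salt = SecureRandom.random_bytes(16))
    x = b2i(h(salt, h("#{username}:#{password}")))
    [salt, G.pow(x, N)]
  end

  class Client
    include TinySRP
    attr_reader :A, :K

    def initialize(username, password)
      @username, @password = username, password
      @a = b2i(SecureRandom.random_bytes(32)) # ephemeral private value, never sent
      @A = G.pow(@a, N)                       # public value sent to the server
    end

    # Consume the server's (salt, B); returns the client proof M1.
    def process_challenge(salt, bb)
      raise ArgumentError, 'B mod N must not be zero' if (bb % N).zero?
      u = b2i(h(i2b(@A), i2b(bb)))
      raise ArgumentError, 'u must not be zero' if u.zero?
      x = b2i(h(salt, h("#{@username}:#{@password}")))
      s = ((bb - K_MULT * G.pow(x, N)) % N).pow(@a + u * x, N)
      @K = h(i2b(s))
      @M1 = h(xor_bytes(h(i2b(N)), h(i2b(G))), h(@username), salt, i2b(@A), i2b(bb), @K)
    end

    # The "mutual" half: check the server's proof M2 = H(A | M1 | K).
    def verify_server(m2)
      same_bytes?(m2, h(i2b(@A), @M1, @K))
    end
  end

  class Server
    include TinySRP
    attr_reader :B, :K

    def initialize(username, salt, verifier)
      @username, @salt, @v = username, salt, verifier
      @b = b2i(SecureRandom.random_bytes(32))
      @B = (K_MULT * @v + G.pow(@b, N)) % N
    end

    # Consume the client's (A, M1); returns M2 on success, nil when the proof fails.
    def process_proof(aa, m1)
      raise ArgumentError, 'A mod N must not be zero' if (aa % N).zero?
      u = b2i(h(i2b(aa), i2b(@B)))
      s = (aa * @v.pow(u, N)).pow(@b, N)
      key = h(i2b(s))
      expected = h(xor_bytes(h(i2b(N)), h(i2b(G))), h(@username), @salt, i2b(aa), i2b(@B), key)
      return nil unless same_bytes?(expected, m1)
      @K = key
      h(i2b(aa), m1, key)
    end
  end

  # Full round trip: true only when both proofs verify and both sides hold the same K.
  # `attempt` is what the client types; it defaults to the registered password.
  def run_exchange(username, password, attempt = password)
    salt, verifier = generate_verifier(username, password)
    client = Client.new(username, attempt)
    server = Server.new(username, salt, verifier)
    m1 = client.process_challenge(salt, server.B)
    m2 = server.process_proof(client.A, m1)
    return false if m2.nil? || !client.verify_server(m2)
    client.K == server.K
  end
end

puts TinySRP.run_exchange('alice', 'correct horse battery staple') if $PROGRAM_NAME == __FILE__
```

Only A, B, salt and the two proofs cross the wire; the password and the ephemeral exponents a and b stay on their own side, and the verifier stays on the server. The checks that A mod N and B mod N are non-zero are the ones RFC 5054 requires; a real deployment would also keep the per-group constants and the hash choice in sync with the peer, which is exactly the interoperability point the description above makes about SiRP and JSRP.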

Try the live demo app here:


Code Quality Rank: L5
Monthly Downloads: 454
Programming language: Ruby
License: BSD 3-clause "New" or "Revised" License

