diff --git a/build/android/jni/Android.mk b/build/android/jni/Android.mk
index 2b582051ef5c542fc435473b2efc8dd1cb13746a..206c30ccf90da9f7b64299e7dd5d2b9df57ab438 100644
--- a/build/android/jni/Android.mk
+++ b/build/android/jni/Android.mk
@@ -208,6 +208,7 @@ LOCAL_SRC_FILES :=                                \
 		jni/src/version.cpp                       \
 		jni/src/voxel.cpp                         \
 		jni/src/voxelalgorithms.cpp               \
+		jni/src/util/auth.cpp                     \
 		jni/src/util/base64.cpp                   \
 		jni/src/util/directiontables.cpp          \
 		jni/src/util/numeric.cpp                  \
@@ -215,6 +216,7 @@ LOCAL_SRC_FILES :=                                \
 		jni/src/util/serialize.cpp                \
 		jni/src/util/sha1.cpp                     \
 		jni/src/util/string.cpp                   \
+		jni/src/util/srp.cpp                      \
 		jni/src/util/timetaker.cpp                \
 		jni/src/unittest/test.cpp                 \
 		jni/src/unittest/test_collision.cpp       \
@@ -243,6 +245,8 @@ LOCAL_SRC_FILES :=                                \
 		jni/src/client/clientlauncher.cpp         \
 		jni/src/client/tile.cpp
 
+# intentionally kept out (we already build openssl itself): jni/src/util/sha256.c
+
 # Network
 LOCAL_SRC_FILES +=                                \
 		jni/src/network/connection.cpp            \
diff --git a/src/client.cpp b/src/client.cpp
index ceea56ba0b4886c7d4a62a6bb68c351b14be94c4..8cfcc85a7bbe04730027c70ec4f0574670aeac1e 100644
--- a/src/client.cpp
+++ b/src/client.cpp
@@ -22,10 +22,12 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 #include <sstream>
 #include <IFileSystem.h>
 #include "jthread/jmutexautolock.h"
+#include "util/auth.h"
 #include "util/directiontables.h"
 #include "util/pointedthing.h"
 #include "util/serialize.h"
 #include "util/string.h"
+#include "util/srp.h"
 #include "client.h"
 #include "network/clientopcodes.h"
 #include "filesys.h"
@@ -255,6 +257,8 @@ Client::Client(
 	m_highlighted_pos(0,0,0),
 	m_map_seed(0),
 	m_password(password),
+	m_chosen_auth_mech(AUTH_MECHANISM_NONE),
+	m_auth_data(NULL),
 	m_access_denied(false),
 	m_itemdef_received(false),
 	m_nodedef_received(false),
@@ -404,10 +408,13 @@ void Client::step(float dtime)
 			memset(pName, 0, PLAYERNAME_SIZE * sizeof(char));
 			memset(pPassword, 0, PASSWORD_SIZE * sizeof(char));
 
+			std::string hashed_password = translatePassword(myplayer->getName(), m_password);
 			snprintf(pName, PLAYERNAME_SIZE, "%s", myplayer->getName());
-			snprintf(pPassword, PASSWORD_SIZE, "%s", m_password.c_str());
+			snprintf(pPassword, PASSWORD_SIZE, "%s", hashed_password.c_str());
 
 			sendLegacyInit(pName, pPassword);
+			if (LATEST_PROTOCOL_VERSION >= 25)
+				sendInit(myplayer->getName());
 		}
 
 		// Not connected, return
@@ -943,6 +950,39 @@ void Client::interact(u8 action, const PointedThing& pointed)
 	Send(&pkt);
 }
 
+void Client::deleteAuthData()
+{
+	if (!m_auth_data)
+		return;
+
+	switch (m_chosen_auth_mech) {
+		case AUTH_MECHANISM_FIRST_SRP:
+			break;
+		case AUTH_MECHANISM_SRP:
+		case AUTH_MECHANISM_LEGACY_PASSWORD:
+			srp_user_delete((SRPUser *) m_auth_data);
+			m_auth_data = NULL;
+			break;
+		case AUTH_MECHANISM_NONE:
+			break;
+	}
+}
+
+
+AuthMechanism Client::choseAuthMech(const u32 mechs)
+{
+	if (mechs & AUTH_MECHANISM_SRP)
+		return AUTH_MECHANISM_SRP;
+
+	if (mechs & AUTH_MECHANISM_FIRST_SRP)
+		return AUTH_MECHANISM_FIRST_SRP;
+
+	if (mechs & AUTH_MECHANISM_LEGACY_PASSWORD)
+		return AUTH_MECHANISM_LEGACY_PASSWORD;
+
+	return AUTH_MECHANISM_NONE;
+}
+
 void Client::sendLegacyInit(const char* playerName, const char* playerPassword)
 {
 	NetworkPacket pkt(TOSERVER_INIT_LEGACY,
@@ -956,6 +996,70 @@ void Client::sendLegacyInit(const char* playerName, const char* playerPassword)
 	Send(&pkt);
 }
 
+void Client::sendInit(const std::string &playerName)
+{
+	NetworkPacket pkt(TOSERVER_INIT, 1 + 2 + 2 + (1 + playerName.size()));
+
+	// TODO (later) actually send supported compression modes
+	pkt << (u8) SER_FMT_VER_HIGHEST_READ << (u8) 42;
+	pkt << (u16) CLIENT_PROTOCOL_VERSION_MIN << (u16) CLIENT_PROTOCOL_VERSION_MAX;
+	pkt << playerName;
+
+	Send(&pkt);
+}
+
+void Client::startAuth(AuthMechanism chosen_auth_mechanism)
+{
+	m_chosen_auth_mech = chosen_auth_mechanism;
+
+	switch (chosen_auth_mechanism) {
+		case AUTH_MECHANISM_FIRST_SRP: {
+			// send srp verifier to server
+			NetworkPacket resp_pkt(TOSERVER_FIRST_SRP, 0);
+			char *salt, *bytes_v;
+			std::size_t len_salt, len_v;
+			salt = NULL;
+			getSRPVerifier(getPlayerName(), m_password,
+				&salt, &len_salt, &bytes_v, &len_v);
+			resp_pkt
+				<< std::string((char*)salt, len_salt)
+				<< std::string((char*)bytes_v, len_v)
+				<< (u8)((m_password == "") ? 1 : 0);
+			free(salt);
+			free(bytes_v);
+			Send(&resp_pkt);
+			break;
+		}
+		case AUTH_MECHANISM_SRP:
+		case AUTH_MECHANISM_LEGACY_PASSWORD: {
+			u8 based_on = 1;
+
+			if (chosen_auth_mechanism == AUTH_MECHANISM_LEGACY_PASSWORD) {
+				m_password = translatePassword(getPlayerName(), m_password);
+				based_on = 0;
+			}
+
+			std::string playername_u = lowercase(getPlayerName());
+			m_auth_data = srp_user_new(SRP_SHA256, SRP_NG_2048,
+				getPlayerName().c_str(), playername_u.c_str(),
+				(const unsigned char *) m_password.c_str(),
+				m_password.length(), NULL, NULL);
+			char *bytes_A = 0;
+			size_t len_A = 0;
+			srp_user_start_authentication((struct SRPUser *) m_auth_data,
+				NULL, NULL, 0, (unsigned char **) &bytes_A, &len_A);
+
+			NetworkPacket resp_pkt(TOSERVER_SRP_BYTES_A, 0);
+			resp_pkt << std::string(bytes_A, len_A) << based_on;
+			free(bytes_A);
+			Send(&resp_pkt);
+			break;
+		}
+		case AUTH_MECHANISM_NONE:
+			break; // not handled in this method
+	}
+}
+
 void Client::sendDeletedBlocks(std::vector<v3s16> &blocks)
 {
 	NetworkPacket pkt(TOSERVER_DELETEDBLOCKS, 1 + sizeof(v3s16) * blocks.size());
@@ -1066,24 +1170,30 @@ void Client::sendChangePassword(const std::string &oldpassword,
         const std::string &newpassword)
 {
 	Player *player = m_env.getLocalPlayer();
-	if(player == NULL)
+	if (player == NULL)
 		return;
 
 	std::string playername = player->getName();
-	std::string oldpwd = translatePassword(playername, oldpassword);
-	std::string newpwd = translatePassword(playername, newpassword);
+	if (m_proto_ver >= 25) {
+		// get into sudo mode and then send new password to server
+		m_password = oldpassword;
+		m_new_password = newpassword;
+		startAuth(choseAuthMech(m_sudo_auth_methods));
+	} else {
+		std::string oldpwd = translatePassword(playername, oldpassword);
+		std::string newpwd = translatePassword(playername, newpassword);
 
-	NetworkPacket pkt(TOSERVER_PASSWORD_LEGACY, 2 * PASSWORD_SIZE);
+		NetworkPacket pkt(TOSERVER_PASSWORD_LEGACY, 2 * PASSWORD_SIZE);
 
-	for(u8 i = 0; i < PASSWORD_SIZE; i++) {
-		pkt << (u8) (i < oldpwd.length() ? oldpwd[i] : 0);
-	}
+		for (u8 i = 0; i < PASSWORD_SIZE; i++) {
+			pkt << (u8) (i < oldpwd.length() ? oldpwd[i] : 0);
+		}
 
-	for(u8 i = 0; i < PASSWORD_SIZE; i++) {
-		pkt << (u8) (i < newpwd.length() ? newpwd[i] : 0);
+		for (u8 i = 0; i < PASSWORD_SIZE; i++) {
+			pkt << (u8) (i < newpwd.length() ? newpwd[i] : 0);
+		}
+		Send(&pkt);
 	}
-
-	Send(&pkt);
 }
 
 
diff --git a/src/client.h b/src/client.h
index 082b3d6dd1a7f52f50c614c99b6e6d45fd819d88..87cf8ce4533b176a2dd525041b945a201953b0ae 100644
--- a/src/client.h
+++ b/src/client.h
@@ -351,6 +351,8 @@ class Client : public con::PeerHandler, public InventoryManager, public IGameDef
 	void handleCommand_Deprecated(NetworkPacket* pkt);
 	void handleCommand_Hello(NetworkPacket* pkt);
 	void handleCommand_AuthAccept(NetworkPacket* pkt);
+	void handleCommand_AcceptSudoMode(NetworkPacket* pkt);
+	void handleCommand_DenySudoMode(NetworkPacket* pkt);
 	void handleCommand_InitLegacy(NetworkPacket* pkt);
 	void handleCommand_AccessDenied(NetworkPacket* pkt);
 	void handleCommand_RemoveNode(NetworkPacket* pkt);
@@ -391,6 +393,7 @@ class Client : public con::PeerHandler, public InventoryManager, public IGameDef
 	void handleCommand_OverrideDayNightRatio(NetworkPacket* pkt);
 	void handleCommand_LocalPlayerAnimations(NetworkPacket* pkt);
 	void handleCommand_EyeOffset(NetworkPacket* pkt);
+	void handleCommand_SrpBytesSandB(NetworkPacket* pkt);
 
 	void ProcessData(NetworkPacket *pkt);
 
@@ -542,11 +545,21 @@ class Client : public con::PeerHandler, public InventoryManager, public IGameDef
 	// Send the item number 'item' as player item to the server
 	void sendPlayerItem(u16 item);
 
+	void deleteAuthData();
+	// helper method shared with clientpackethandler
+	static AuthMechanism choseAuthMech(const u32 mechs);
+
 	void sendLegacyInit(const char* playerName, const char* playerPassword);
+	void sendInit(const std::string &playerName);
+	void startAuth(AuthMechanism chosen_auth_mechanism);
 	void sendDeletedBlocks(std::vector<v3s16> &blocks);
 	void sendGotBlocks(v3s16 block);
 	void sendRemovedSounds(std::vector<s32> &soundList);
 
+	// Helper function
+	inline std::string getPlayerName()
+	{ return m_env.getLocalPlayer()->getName(); }
+
 	float m_packetcounter_timer;
 	float m_connection_reinit_timer;
 	float m_avg_rtt_timer;
@@ -569,6 +582,8 @@ class Client : public con::PeerHandler, public InventoryManager, public IGameDef
 	IrrlichtDevice *m_device;
 	// Server serialization version
 	u8 m_server_ser_ver;
+	// Used version of the protocol with server
+	u8 m_proto_ver;
 	u16 m_playeritem;
 	bool m_inventory_updated;
 	Inventory *m_inventory_from_server;
@@ -584,9 +599,23 @@ class Client : public con::PeerHandler, public InventoryManager, public IGameDef
 	//s32 m_daynight_i;
 	//u32 m_daynight_ratio;
 	std::queue<std::wstring> m_chat_queue;
+
+	// The authentication methods we can use to enter sudo mode (=change password)
+	u32 m_sudo_auth_methods;
+
 	// The seed returned by the server in TOCLIENT_INIT is stored here
 	u64 m_map_seed;
+
+	// Auth data
+	std::string m_playername;
 	std::string m_password;
+	// If set, this will be sent (and cleared) upon a TOCLIENT_ACCEPT_SUDO_MODE
+	std::string m_new_password;
+	// Usable by auth mechanisms.
+	AuthMechanism m_chosen_auth_mech;
+	void * m_auth_data;
+
+
 	bool m_access_denied;
 	std::string m_access_denied_reason;
 	std::queue<ClientEvent> m_client_event_queue;
diff --git a/src/client/clientlauncher.cpp b/src/client/clientlauncher.cpp
index d6327e25915123498d7ecb86a704376b6a36b213..41ba4f3071f33685a59fc24c6abc429d2d8d00a9 100644
--- a/src/client/clientlauncher.cpp
+++ b/src/client/clientlauncher.cpp
@@ -392,7 +392,7 @@ bool ClientLauncher::launch_game(std::string &error_message,
 	else
 		playername = menudata.name;
 
-	password = translatePassword(playername, menudata.password);
+	password = menudata.password;
 
 	g_settings->set("name", playername);
 
diff --git a/src/clientiface.cpp b/src/clientiface.cpp
index 7649be29eff7586f7ced78f1bd0e4145c9a0bfcf..6944e56db756c63e754795d2cf391cdc5d9dbb9d 100644
--- a/src/clientiface.cpp
+++ b/src/clientiface.cpp
@@ -31,6 +31,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 #include "emerge.h"
 #include "serverobject.h"              // TODO this is used for cleanup of only
 #include "log.h"
+#include "util/srp.h"
 
 const char *ClientInterface::statenames[] = {
 	"Invalid",
@@ -427,10 +428,12 @@ void RemoteClient::notifyEvent(ClientStateEvent event)
 		//intentionally do nothing
 		break;
 	case CS_Created:
-		switch(event)
-		{
-		case CSE_Init:
-			m_state = CS_InitSent;
+		switch (event) {
+		case CSE_Hello:
+			m_state = CS_HelloSent;
+			break;
+		case CSE_InitLegacy:
+			m_state = CS_AwaitingInit2;
 			break;
 		case CSE_Disconnect:
 			m_state = CS_Disconnecting;
@@ -447,7 +450,32 @@ void RemoteClient::notifyEvent(ClientStateEvent event)
 	case CS_Denied:
 		/* don't do anything if in denied state */
 		break;
-	case CS_InitSent:
+	case CS_HelloSent:
+		switch(event)
+		{
+		case CSE_AuthAccept:
+			m_state = CS_AwaitingInit2;
+			if ((chosen_mech == AUTH_MECHANISM_SRP)
+					|| (chosen_mech == AUTH_MECHANISM_LEGACY_PASSWORD))
+				srp_verifier_delete((SRPVerifier *) auth_data);
+			chosen_mech = AUTH_MECHANISM_NONE;
+			break;
+		case CSE_Disconnect:
+			m_state = CS_Disconnecting;
+			break;
+		case CSE_SetDenied:
+			m_state = CS_Denied;
+			if ((chosen_mech == AUTH_MECHANISM_SRP)
+					|| (chosen_mech == AUTH_MECHANISM_LEGACY_PASSWORD))
+				srp_verifier_delete((SRPVerifier *) auth_data);
+			chosen_mech = AUTH_MECHANISM_NONE;
+			break;
+		default:
+			myerror << "HelloSent: Invalid client state transition! " << event;
+			throw ClientStateError(myerror.str());
+		}
+		break;
+	case CS_AwaitingInit2:
 		switch(event)
 		{
 		case CSE_GotInit2:
@@ -514,6 +542,13 @@ void RemoteClient::notifyEvent(ClientStateEvent event)
 		case CSE_Disconnect:
 			m_state = CS_Disconnecting;
 			break;
+		case CSE_SudoSuccess:
+			m_state = CS_SudoMode;
+			if ((chosen_mech == AUTH_MECHANISM_SRP)
+					|| (chosen_mech == AUTH_MECHANISM_LEGACY_PASSWORD))
+				srp_verifier_delete((SRPVerifier *) auth_data);
+			chosen_mech = AUTH_MECHANISM_NONE;
+			break;
 		/* Init GotInit2 SetDefinitionsSent SetMediaSent SetDenied */
 		default:
 			myerror << "Active: Invalid client state transition! " << event;
@@ -521,6 +556,24 @@ void RemoteClient::notifyEvent(ClientStateEvent event)
 			break;
 		}
 		break;
+	case CS_SudoMode:
+		switch(event)
+		{
+		case CSE_SetDenied:
+			m_state = CS_Denied;
+			break;
+		case CSE_Disconnect:
+			m_state = CS_Disconnecting;
+			break;
+		case CSE_SudoLeave:
+			m_state = CS_Active;
+			break;
+		default:
+			myerror << "Active: Invalid client state transition! " << event;
+			throw ClientStateError(myerror.str());
+			break;
+		}
+		break;
 	case CS_Disconnecting:
 		/* we are already disconnecting */
 		break;
diff --git a/src/clientiface.h b/src/clientiface.h
index 54b2502650c540fab28db17c1dbac0b71b066dc0..070559c3a7d3cf1a2706e8978cd10c0d420ca762 100644
--- a/src/clientiface.h
+++ b/src/clientiface.h
@@ -47,96 +47,119 @@ class EmergeManager;
       |    Created      |
       |                 |
       \-----------------/
-               |
-               |
-+-----------------------------+            invalid playername, password
-|IN:                          |                    or denied by mod
-| TOSERVER_INIT               |------------------------------
-+-----------------------------+                             |
-               |                                            |
-               | Auth ok                                    |
-               |                                            |
-+-----------------------------+                             |
-|OUT:                         |                             |
-| TOCLIENT_INIT               |                             |
-+-----------------------------+                             |
-               |                                            |
-               v                                            |
-      /-----------------\                                   |
-      |                 |                                   |
-      |    InitSent     |                                   |
-      |                 |                                   |
-      \-----------------/                                   +------------------
-               |                                            |                 |
-+-----------------------------+             +-----------------------------+   |
-|IN:                          |             |OUT:                         |   |
-| TOSERVER_INIT2              |             | TOCLIENT_ACCESS_DENIED      |   |
-+-----------------------------+             +-----------------------------+   |
-               |                                            |                 |
-               v                                            v                 |
-      /-----------------\                           /-----------------\       |
-      |                 |                           |                 |       |
-      |    InitDone     |                           |     Denied      |       |
-      |                 |                           |                 |       |
-      \-----------------/                           \-----------------/       |
-               |                                                              |
-+-----------------------------+                                               |
-|OUT:                         |                                               |
-| TOCLIENT_MOVEMENT           |                                               |
-| TOCLIENT_ITEMDEF            |                                               |
-| TOCLIENT_NODEDEF            |                                               |
-| TOCLIENT_ANNOUNCE_MEDIA     |                                               |
-| TOCLIENT_DETACHED_INVENTORY |                                               |
-| TOCLIENT_TIME_OF_DAY        |                                               |
-+-----------------------------+                                               |
-               |                                                              |
-               |                                                              |
-               |      -----------------------------------                     |
-               v      |                                 |                     |
-      /-----------------\                               v                     |
-      |                 |                   +-----------------------------+   |
-      | DefinitionsSent |                   |IN:                          |   |
-      |                 |                   | TOSERVER_REQUEST_MEDIA      |   |
-      \-----------------/                   | TOSERVER_RECEIVED_MEDIA     |   |
-               |                            +-----------------------------+   |
-               |      ^                                 |                     |
-               |      -----------------------------------                     |
-               |                                                              |
-+-----------------------------+                                               |
-|IN:                          |                                               |
-| TOSERVER_CLIENT_READY       |                                               |
-+-----------------------------+                                               |
-               |                                                    async     |
-               v                                                  mod action  |
-+-----------------------------+                                   (ban,kick)  |
-|OUT:                         |                                               |
-| TOCLIENT_MOVE_PLAYER        |                                               |
-| TOCLIENT_PRIVILEGES         |                                               |
-| TOCLIENT_INVENTORY_FORMSPEC |                                               |
-| UpdateCrafting              |                                               |
-| TOCLIENT_INVENTORY          |                                               |
-| TOCLIENT_HP (opt)           |                                               |
-| TOCLIENT_BREATH             |                                               |
-| TOCLIENT_DEATHSCREEN        |                                               |
-+-----------------------------+                                               |
-              |                                                               |
-              v                                                               |
-      /-----------------\                                                     |
-      |                 |------------------------------------------------------
-      |     Active      |
-      |                 |----------------------------------
-      \-----------------/      timeout                    |
-               |                            +-----------------------------+
-               |                            |OUT:                         |
-               |                            | TOCLIENT_DISCONNECT         |
-               |                            +-----------------------------+
-               |                                          |
-               |                                          v
-+-----------------------------+                    /-----------------\
-|IN:                          |                    |                 |
-| TOSERVER_DISCONNECT         |------------------->|  Disconnecting  |
-+-----------------------------+                    |                 |
-                                                   \-----------------/
+               |                  depending of the incoming packet
+               +---------------------------------------
+               v                                      |
++-----------------------------+        +-----------------------------+
+|IN:                          |        |IN:                          |
+| TOSERVER_INIT_LEGACY        |-----   | TOSERVER_INIT               |      invalid playername,
++-----------------------------+    |   +-----------------------------+  password (for _LEGACY),
+               |                   |                  |                       or denied by mod
+               | Auth ok           -------------------+---------------------------------
+               |                                      |                                |
++-----------------------------+        +-----------------------------+                 |
+|OUT:                         |        |OUT:                         |                 |
+| TOCLIENT_INIT_LEGACY        |        | TOCLIENT_HELLO              |                 |
++-----------------------------+        +-----------------------------+                 |
+               |                                      |                                |
+               |                                      |                                |
+               v                                      v                                |
+      /-----------------\                    /-----------------\                       |
+      |                 |                    |                 |                       |
+      |  AwaitingInit2  |<---------          |    HelloSent    |                       |
+      |                 |         |          |                 |                       |
+      \-----------------/         |          \-----------------/                       |
+               |                  |                   |                                |
++-----------------------------+   |    *-----------------------------*     Auth fails  |
+|IN:                          |   |    |Authentication, depending on |-----------------+
+| TOSERVER_INIT2              |   |    | packet sent by client       |                 |
++-----------------------------+   |    *-----------------------------*                 |
+               |                  |                   |                                |
+               |                  |                   | Authentication                 |
+               v                  |                   |  successful                    |
+      /-----------------\         |                   v                                |
+      |                 |         |    +-----------------------------+                 |
+      |    InitDone     |         |    |OUT:                         |                 |
+      |                 |         |    | TOCLIENT_AUTH_ACCEPT        |                 |
+      \-----------------/         |    +-----------------------------+                 |
+               |                  |                   |                                |
++-----------------------------+   ---------------------                                |
+|OUT:                         |                                                        |
+| TOCLIENT_MOVEMENT           |                                                        |
+| TOCLIENT_ITEMDEF            |                                                        |
+| TOCLIENT_NODEDEF            |                                                        |
+| TOCLIENT_ANNOUNCE_MEDIA     |                                                        |
+| TOCLIENT_DETACHED_INVENTORY |                                                        |
+| TOCLIENT_TIME_OF_DAY        |                                                        |
++-----------------------------+                                                        |
+               |                                                                       |
+               |                                                                       |
+               |      -----------------------------                                    |
+               v      |                           |                                    |
+      /-----------------\                         v                                    |
+      |                 |             +-----------------------------+                  |
+      | DefinitionsSent |             |IN:                          |                  |
+      |                 |             | TOSERVER_REQUEST_MEDIA      |                  |
+      \-----------------/             | TOSERVER_RECEIVED_MEDIA     |                  |
+               |                      +-----------------------------+                  |
+               |      ^                           |                                    |
+               |      -----------------------------                                    |
+               |                                                                       |
++-----------------------------+                        --------------------------------+
+|IN:                          |                        |                               |
+| TOSERVER_CLIENT_READY       |                        v                               |
++-----------------------------+        +-------------------------------+               |
+               |                       |OUT:                           |               |
+               v                       | TOCLIENT_ACCESS_DENIED_LEGAGY |               |
++-----------------------------+        +-------------------------------+               |
+|OUT:                         |                        |                               |
+| TOCLIENT_MOVE_PLAYER        |                        v                               |
+| TOCLIENT_PRIVILEGES         |                /-----------------\                     |
+| TOCLIENT_INVENTORY_FORMSPEC |                |                 |                     |
+| UpdateCrafting              |                |     Denied      |                     |
+| TOCLIENT_INVENTORY          |                |                 |                     |
+| TOCLIENT_HP (opt)           |                \-----------------/                     |
+| TOCLIENT_BREATH             |                                                        |
+| TOCLIENT_DEATHSCREEN        |                                                        |
++-----------------------------+                                                        |
+              |                                                                        |
+              v                                                                        |
+      /-----------------\      async mod action (ban, kick)                            |
+      |                 |---------------------------------------------------------------
+ ---->|     Active      |
+ |    |                 |----------------------------------------------
+ |    \-----------------/      timeout                                |
+ |       |           |                                  +-----------------------------+
+ |       |           |                                  |OUT:                         |
+ |       |           |                                  | TOCLIENT_DISCONNECT         |
+ |       |           |                                  +-----------------------------+
+ |       |           |                                                |
+ |       |           |                                                v
+ |       |  +-----------------------------+                    /-----------------\
+ |       |  |IN:                          |                    |                 |
+ |       |  | TOSERVER_DISCONNECT         |------------------->|  Disconnecting  |
+ |       |  +-----------------------------+                    |                 |
+ |       |                                                     \-----------------/
+ |       | any auth packet which was
+ |       | allowed in TOCLIENT_AUTH_ACCEPT
+ |       v
+ |    *-----------------------------* Auth      +-------------------------------+
+ |    |Authentication, depending on | succeeds  |OUT:                           |
+ |    | packet sent by client       |---------->| TOCLIENT_ACCEPT_SUDO_MODE     |
+ |    *-----------------------------*           +-------------------------------+
+ |                  |                                            |
+ |                  | Auth fails                        /-----------------\
+ |                  v                                   |                 |
+ |    +-------------------------------+                 |    SudoMode     |
+ |    |OUT:                           |                 |                 |
+ |    | TOCLIENT_DENY_SUDO_MODE       |                 \-----------------/
+ |    +-------------------------------+                          |
+ |                  |                                            v
+ |                  |                               +-----------------------------+
+ |                  |    sets password accordingly  |IN:                          |
+ -------------------+-------------------------------| TOSERVER_FIRST_SRP          |
+                                                   +-----------------------------+
+
 */
 namespace con {
 	class Connection;
@@ -150,19 +173,25 @@ enum ClientState
 	CS_Disconnecting,
 	CS_Denied,
 	CS_Created,
-	CS_InitSent,
+	CS_AwaitingInit2,
+	CS_HelloSent,
 	CS_InitDone,
 	CS_DefinitionsSent,
-	CS_Active
+	CS_Active,
+	CS_SudoMode
 };
 
 enum ClientStateEvent
 {
-	CSE_Init,
+	CSE_Hello,
+	CSE_AuthAccept,
+	CSE_InitLegacy,
 	CSE_GotInit2,
 	CSE_SetDenied,
 	CSE_SetDefinitionsSent,
 	CSE_SetClientReady,
+	CSE_SudoSuccess,
+	CSE_SudoLeave,
 	CSE_Disconnect
 };
 
@@ -201,10 +230,24 @@ class RemoteClient
 	//
 	u16 net_proto_version;
 
+	/* Authentication information */
+	std::string enc_pwd;
+	AuthMechanism chosen_mech;
+	void * auth_data;
+	u32 allowed_auth_mechs;
+	u32 allowed_sudo_mechs;
+
+	bool isSudoMechAllowed(AuthMechanism mech)
+	{ return allowed_sudo_mechs & mech; }
+	bool isMechAllowed(AuthMechanism mech)
+	{ return allowed_auth_mechs & mech; }
+
 	RemoteClient():
 		peer_id(PEER_ID_INEXISTENT),
 		serialization_version(SER_FMT_VER_INVALID),
 		net_proto_version(0),
+		chosen_mech(AUTH_MECHANISM_NONE),
+		auth_data(NULL),
 		m_time_from_building(9999),
 		m_pending_serialization_version(SER_FMT_VER_INVALID),
 		m_state(CS_Created),
@@ -303,7 +346,6 @@ class RemoteClient
 	/* get uptime */
 	u32 uptime();
 
-
 	/* set version information */
 	void setVersionInfo(u8 major, u8 minor, u8 patch, std::string full) {
 		m_version_major = major;
diff --git a/src/network/clientopcodes.cpp b/src/network/clientopcodes.cpp
index 556e8d0c0e40ebb75a1fea2d9952ff0fa5c95481..3364de8c5340571ac727093f377db24caba2103e 100644
--- a/src/network/clientopcodes.cpp
+++ b/src/network/clientopcodes.cpp
@@ -28,8 +28,8 @@ const ToClientCommandHandler toClientCommandTable[TOCLIENT_NUM_MSG_TYPES] =
 	null_command_handler, // 0x01
 	{ "TOCLIENT_HELLO",                   TOCLIENT_STATE_NOT_CONNECTED, &Client::handleCommand_Hello }, // 0x02
 	{ "TOCLIENT_AUTH_ACCEPT",             TOCLIENT_STATE_NOT_CONNECTED, &Client::handleCommand_AuthAccept }, // 0x03
-	null_command_handler, // 0x04
-	null_command_handler, // 0x05
+	{ "TOCLIENT_ACCEPT_SUDO_MODE",        TOCLIENT_STATE_CONNECTED, &Client::handleCommand_AcceptSudoMode}, // 0x04
+	{ "TOCLIENT_DENY_SUDO_MODE",          TOCLIENT_STATE_CONNECTED, &Client::handleCommand_DenySudoMode}, // 0x05
 	null_command_handler, // 0x06
 	null_command_handler, // 0x07
 	null_command_handler, // 0x08
@@ -108,6 +108,19 @@ const ToClientCommandHandler toClientCommandTable[TOCLIENT_NUM_MSG_TYPES] =
 	{ "TOCLIENT_LOCAL_PLAYER_ANIMATIONS",  TOCLIENT_STATE_CONNECTED, &Client::handleCommand_LocalPlayerAnimations }, // 0x51
 	{ "TOCLIENT_EYE_OFFSET",               TOCLIENT_STATE_CONNECTED, &Client::handleCommand_EyeOffset }, // 0x52
 	{ "TOCLIENT_DELETE_PARTICLESPAWNER",   TOCLIENT_STATE_CONNECTED, &Client::handleCommand_DeleteParticleSpawner }, // 0x53
+	null_command_handler,
+	null_command_handler,
+	null_command_handler,
+	null_command_handler,
+	null_command_handler,
+	null_command_handler,
+	null_command_handler,
+	null_command_handler,
+	null_command_handler,
+	null_command_handler,
+	null_command_handler,
+	null_command_handler,
+	{ "TOCLIENT_SRP_BYTES_S_B",            TOCLIENT_STATE_NOT_CONNECTED, &Client::handleCommand_SrpBytesSandB }, // 0x60
 };
 
 const static ServerCommandFactory null_command_factory = { "TOSERVER_NULL", 0, false };
@@ -116,7 +129,7 @@ const ServerCommandFactory serverCommandFactoryTable[TOSERVER_NUM_MSG_TYPES] =
 {
 	null_command_factory, // 0x00
 	null_command_factory, // 0x01
-	null_command_factory, // 0x02
+	{ "TOSERVER_INIT",               1, false }, // 0x02
 	null_command_factory, // 0x03
 	null_command_factory, // 0x04
 	null_command_factory, // 0x05
@@ -129,7 +142,7 @@ const ServerCommandFactory serverCommandFactoryTable[TOSERVER_NUM_MSG_TYPES] =
 	null_command_factory, // 0x0c
 	null_command_factory, // 0x0d
 	null_command_factory, // 0x0e
-	{ "TOSERVER_INIT",               1, false }, // 0x0F
+	null_command_factory, // 0x0F
 	{ "TOSERVER_INIT_LEGACY",        1, false }, // 0x10
 	{ "TOSERVER_INIT2",              1, true }, // 0x11
 	null_command_factory, // 0x12
@@ -175,11 +188,26 @@ const ServerCommandFactory serverCommandFactoryTable[TOSERVER_NUM_MSG_TYPES] =
 	{ "TOSERVER_REMOVED_SOUNDS",     1, true }, // 0x3a
 	{ "TOSERVER_NODEMETA_FIELDS",    0, true }, // 0x3b
 	{ "TOSERVER_INVENTORY_FIELDS",   0, true }, // 0x3c
-	{ "TOSERVER_PASSWORD",           0, true }, // 0x3d
+	null_command_factory, // 0x3d
 	null_command_factory, // 0x3e
 	null_command_factory, // 0x3f
 	{ "TOSERVER_REQUEST_MEDIA",      1, true }, // 0x40
 	{ "TOSERVER_RECEIVED_MEDIA",     1, true }, // 0x41
 	{ "TOSERVER_BREATH",             0, true }, // 0x42
 	{ "TOSERVER_CLIENT_READY",       0, true }, // 0x43
+	null_command_factory, // 0x44
+	null_command_factory, // 0x45
+	null_command_factory, // 0x46
+	null_command_factory, // 0x47
+	null_command_factory, // 0x48
+	null_command_factory, // 0x49
+	null_command_factory, // 0x4a
+	null_command_factory, // 0x4b
+	null_command_factory, // 0x4c
+	null_command_factory, // 0x4d
+	null_command_factory, // 0x4e
+	null_command_factory, // 0x4f
+	{ "TOSERVER_FIRST_SRP",          1, true }, // 0x50
+	{ "TOSERVER_SRP_BYTES_A",        1, true }, // 0x51
+	{ "TOSERVER_SRP_BYTES_M",        1, true }, // 0x52
 };
diff --git a/src/network/clientpackethandler.cpp b/src/network/clientpackethandler.cpp
index bddf8f6fdc8cb37b2ad1d7493257fee181173af8..2106e4368b5ed6ca1b77774ba0f111e495a0f9d2 100644
--- a/src/network/clientpackethandler.cpp
+++ b/src/network/clientpackethandler.cpp
@@ -30,6 +30,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 #include "strfnd.h"
 #include "network/clientopcodes.h"
 #include "util/serialize.h"
+#include "util/srp.h"
 
 void Client::handleCommand_Deprecated(NetworkPacket* pkt)
 {
@@ -44,10 +45,16 @@ void Client::handleCommand_Hello(NetworkPacket* pkt)
 		return;
 
 	u8 deployed;
-	*pkt >> deployed;
+	u32 auth_mechs;
+	std::string username_legacy; // for case insensitivity
+	*pkt >> deployed >> auth_mechs >> username_legacy;
+
+	// Chose an auth method we support
+	AuthMechanism chosen_auth_mechanism = choseAuthMech(auth_mechs);
 
 	infostream << "Client: TOCLIENT_HELLO received with "
-			"deployed=" << ((int)deployed & 0xff) << std::endl;
+			"deployed=" << ((int)deployed & 0xff) << ", auth_mechs="
+			<< auth_mechs << ", chosen=" << chosen_auth_mechanism << std::endl;
 
 	if (!ser_ver_supported(deployed)) {
 		infostream << "Client: TOCLIENT_HELLO: Server sent "
@@ -56,14 +63,43 @@ void Client::handleCommand_Hello(NetworkPacket* pkt)
 	}
 
 	m_server_ser_ver = deployed;
+	m_proto_ver = deployed;
+
+	//TODO verify that username_legacy matches sent username, only
+	// differs in casing (make both uppercase and compare)
+	// This is only neccessary though when we actually want to add casing support
+
+	if (m_chosen_auth_mech != AUTH_MECHANISM_NONE) {
+		// we recieved a TOCLIENT_HELLO while auth was already going on
+		errorstream << "Client: TOCLIENT_HELLO while auth was already going on"
+			<< "(chosen_mech=" << m_chosen_auth_mech << ")." << std::endl;
+		if ((m_chosen_auth_mech == AUTH_MECHANISM_SRP)
+				|| (m_chosen_auth_mech == AUTH_MECHANISM_LEGACY_PASSWORD)) {
+			srp_user_delete((SRPUser *) m_auth_data);
+			m_auth_data = 0;
+		}
+	}
+
+	// Authenticate using that method, or abort if there wasn't any method found
+	if (chosen_auth_mechanism != AUTH_MECHANISM_NONE) {
+		startAuth(chosen_auth_mechanism);
+	} else {
+		m_chosen_auth_mech = AUTH_MECHANISM_NONE;
+		m_access_denied = true;
+		m_access_denied_reason = "Unknown";
+		m_con.Disconnect();
+	}
 
-	// @ TODO auth to server
 }
 
 void Client::handleCommand_AuthAccept(NetworkPacket* pkt)
 {
+	m_chosen_auth_mech = AUTH_MECHANISM_NONE;
+	deleteAuthData();
+
 	v3f playerpos;
-	*pkt >> playerpos >> m_map_seed >> m_recommended_send_interval;
+	*pkt >> playerpos >> m_map_seed >> m_recommended_send_interval
+		>> m_sudo_auth_methods;
 
 	playerpos -= v3f(0, BS / 2, 0);
 
@@ -82,7 +118,28 @@ void Client::handleCommand_AuthAccept(NetworkPacket* pkt)
 
 	m_state = LC_Init;
 }
+void Client::handleCommand_AcceptSudoMode(NetworkPacket* pkt)
+{
+	m_chosen_auth_mech = AUTH_MECHANISM_NONE;
+	deleteAuthData();
+
+	m_password = m_new_password;
+
+	verbosestream << "Client: Recieved TOCLIENT_ACCEPT_SUDO_MODE." << std::endl;
 
+	// send packet to actually set the password
+	startAuth(AUTH_MECHANISM_FIRST_SRP);
+
+	// reset again
+	m_chosen_auth_mech = AUTH_MECHANISM_NONE;
+}
+void Client::handleCommand_DenySudoMode(NetworkPacket* pkt)
+{
+	m_chat_queue.push(L"Password change denied. Password NOT changed.");
+	// reset everything and be sad
+	deleteAuthData();
+	m_chosen_auth_mech = AUTH_MECHANISM_NONE;
+}
 void Client::handleCommand_InitLegacy(NetworkPacket* pkt)
 {
 	if (pkt->getSize() < 1)
@@ -101,6 +158,7 @@ void Client::handleCommand_InitLegacy(NetworkPacket* pkt)
 	}
 
 	m_server_ser_ver = deployed;
+	m_proto_ver = deployed;
 
 	// Get player position
 	v3s16 playerpos_s16(0, BS * 2 + BS * 20, 0);
@@ -1105,3 +1163,36 @@ void Client::handleCommand_EyeOffset(NetworkPacket* pkt)
 
 	*pkt >> player->eye_offset_first >> player->eye_offset_third;
 }
+
+void Client::handleCommand_SrpBytesSandB(NetworkPacket* pkt)
+{
+	if ((m_chosen_auth_mech != AUTH_MECHANISM_LEGACY_PASSWORD)
+			&& (m_chosen_auth_mech != AUTH_MECHANISM_SRP)) {
+		errorstream << "Client: Recieved SRP S_B login message,"
+			<< " but wasn't supposed to (chosen_mech="
+			<< m_chosen_auth_mech << ")." << std::endl;
+		return;
+	}
+
+	char *bytes_M = 0;
+	size_t len_M = 0;
+	SRPUser *usr = (SRPUser *) m_auth_data;
+	std::string s;
+	std::string B;
+	*pkt >> s >> B;
+
+	infostream << "Client: Recieved TOCLIENT_SRP_BYTES_S_B." << std::endl;
+
+	srp_user_process_challenge(usr, (const unsigned char *) s.c_str(), s.size(),
+		(const unsigned char *) B.c_str(), B.size(),
+		(unsigned char **) &bytes_M, &len_M);
+
+	if ( !bytes_M ) {
+		errorstream << "Client: SRP-6a S_B safety check violation!" << std::endl;
+		return;
+	}
+
+	NetworkPacket resp_pkt(TOSERVER_SRP_BYTES_M, 0);
+	resp_pkt << std::string(bytes_M, len_M);
+	Send(&resp_pkt);
+}
diff --git a/src/network/networkpacket.h b/src/network/networkpacket.h
index 0d2015e7fd1cb84c3f743c0fb640614c3557298e..0408b9cac14d415762e5ee268ba0ef1fec91a1b1 100644
--- a/src/network/networkpacket.h
+++ b/src/network/networkpacket.h
@@ -41,8 +41,10 @@ class NetworkPacket
 		u16 getPeerId() { return m_peer_id; }
 		u16 getCommand() { return m_command; }
 
-		// Data extractors
+		// Returns a c-string without copying.
+		// A better name for this would be getRawString()
 		char* getString(u32 from_offset);
+		// major difference to putCString(): doesn't write len into the buffer
 		void putRawString(const char* src, u32 len);
 
 		NetworkPacket& operator>>(std::string& dst);
diff --git a/src/network/networkprotocol.h b/src/network/networkprotocol.h
index ba934957d7b70ca31cb67e74127a8f4ee3f7f34a..ba12a206ed91a76368518d87758e328aabd53d11 100644
--- a/src/network/networkprotocol.h
+++ b/src/network/networkprotocol.h
@@ -120,11 +120,15 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 			permit translation
 		Add TOCLIENT_DELETE_PARTICLESPAWNER (0x53), fixing the u16 read and
 			reading u32
-		Add TOSERVER_INIT new opcode (0x02) for client presentation to server
-		Add TOSERVER_AUTH new opcode (0x03) for client authentication
+		Add new opcode TOSERVER_INIT for client presentation to server
+		Add new opcodes TOSERVER_FIRST_SRP, TOSERVER_SRP_BYTES_A,
+			TOSERVER_SRP_BYTES_M, TOCLIENT_SRP_BYTES_S_B
+			for the three supported auth mechanisms around srp
+		Add new opcodes TOCLIENT_ACCEPT_SUDO_MODE and TOCLIENT_DENY_SUDO_MODE
+			for sudo mode handling (auth mech generic way of changing password).
 		Add TOCLIENT_HELLO for presenting server to client after client
 			presentation
-		Add TOCLIENT_AUTH_ACCEPT to accept connexion from client
+		Add TOCLIENT_AUTH_ACCEPT to accept connection from client
 */
 
 #define LATEST_PROTOCOL_VERSION 24
@@ -151,14 +155,31 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 enum ToClientCommand
 {
 	TOCLIENT_HELLO = 0x02,
-	TOCLIENT_AUTH_ACCEPT = 0x03,
-	TOCLIENT_ACCESS_DENIED = 0x0A,
 	/*
-		u16 command
-		u16 reason_length
-		wstring reason
+		Sent after TOSERVER_INIT.
+
+		u8 deployed version
+		u32 supported auth methods
+		std::string username that should be used for legacy hash (for proper casing)
 	*/
+	TOCLIENT_AUTH_ACCEPT = 0x03,
+	/*
+		Message from server to accept auth.
 
+		v3s16 player's position + v3f(0,BS/2,0) floatToInt'd
+		u64 map seed
+		f1000 recommended send interval
+		u32 : supported auth methods for sudo mode
+		      (where the user can change their password)
+	*/
+	TOCLIENT_ACCEPT_SUDO_MODE = 0x04,
+	/*
+		Sent to client to show it is in sudo mode now.
+	*/
+	TOCLIENT_DENY_SUDO_MODE = 0x05,
+	/*
+		Signals client that sudo mode auth failed.
+	*/
 	TOCLIENT_INIT_LEGACY = 0x10,
 	/*
 		Server's reply to TOSERVER_INIT.
@@ -173,7 +194,11 @@ enum ToClientCommand
 		NOTE: The position in here is deprecated; position is
 		      explicitly sent afterwards
 	*/
-
+	TOCLIENT_ACCESS_DENIED = 0x0A,
+	/*
+		u8 reason
+		std::string custom reason (if reason == SERVER_ACCESSDENIED_CUSTOM_STRING)
+	*/
 	TOCLIENT_BLOCKDATA = 0x20, //TODO: Multiple blocks
 	TOCLIENT_ADDNODE = 0x21,
 	/*
@@ -589,7 +614,16 @@ enum ToClientCommand
 		u32 id
 	*/
 
-	TOCLIENT_NUM_MSG_TYPES = 0x54,
+	TOCLIENT_SRP_BYTES_S_B = 0x60,
+	/*
+		Belonging to AUTH_MECHANISM_LEGACY_PASSWORD and AUTH_MECHANISM_SRP.
+
+		u16 command
+		std::string bytes_s
+		std::string bytes_B
+	*/
+
+	TOCLIENT_NUM_MSG_TYPES = 0x61,
 };
 
 enum ToServerCommand
@@ -598,18 +632,11 @@ enum ToServerCommand
 	/*
 		Sent first after connected.
 
-		[0] u16 TOSERVER_INIT
 		[2] u8 SER_FMT_VER_HIGHEST_READ
 		[3] u8 compression_modes
-	*/
-
-	TOSERVER_AUTH = 0x03,
-	/*
-		Sent first after presentation (INIT).
-		[0] std::string player_name
-		[0+*] std::string password (new in some version)
-		[0+*+*] u16 minimum supported network protocol version (added sometime)
-		[0+*+*+2] u16 maximum supported network protocol version (added later than the previous one)
+		[4] u16 minimum supported network protocol version
+		[6] u16 maximum supported network protocol version
+		[8] std::string player name
 	*/
 
 	TOSERVER_INIT_LEGACY = 0x10,
@@ -817,15 +844,6 @@ enum ToServerCommand
 			u8[len] field value
 	*/
 
-	TOSERVER_PASSWORD = 0x3d,
-	/*
-		Sent to change password.
-
-		[0] u16 TOSERVER_PASSWORD
-		[2] std::string old password
-		[2+*] std::string new password
-	*/
-
 	TOSERVER_REQUEST_MEDIA = 0x40,
 	/*
 		u16 command
@@ -857,7 +875,49 @@ enum ToServerCommand
 		u8[len] full_version_string
 	*/
 
-	TOSERVER_NUM_MSG_TYPES = 0x44,
+	TOSERVER_FIRST_SRP = 0x50,
+	/*
+		Belonging to AUTH_MECHANISM_FIRST_SRP.
+
+		std::string srp salt
+		std::string srp verification key
+		u8 is_empty (=1 if password is empty, 0 otherwise)
+	*/
+
+	TOSERVER_SRP_BYTES_A = 0x51,
+	/*
+		Belonging to AUTH_MECHANISM_LEGACY_PASSWORD and AUTH_MECHANISM_SRP,
+			depending on current_login_based_on.
+
+		std::string bytes_A
+		u8 current_login_based_on : on which version of the password's
+		                            hash this login is based on (0 legacy hash,
+		                            or 1 directly the password)
+	*/
+
+	TOSERVER_SRP_BYTES_M = 0x52,
+	/*
+		Belonging to AUTH_MECHANISM_LEGACY_PASSWORD and AUTH_MECHANISM_SRP.
+
+		std::string bytes_M
+	*/
+
+	TOSERVER_NUM_MSG_TYPES = 0x53,
+};
+
+enum AuthMechanism
+{
+	// reserved
+	AUTH_MECHANISM_NONE = 0,
+
+	// SRP based on the legacy hash
+	AUTH_MECHANISM_LEGACY_PASSWORD = 1 << 0,
+
+	// SRP based on the srp verification key
+	AUTH_MECHANISM_SRP = 1 << 1,
+
+	// Establishes a srp verification key, for first login and password changing
+	AUTH_MECHANISM_FIRST_SRP = 1 << 2,
 };
 
 enum AccessDeniedCode {
diff --git a/src/network/serveropcodes.cpp b/src/network/serveropcodes.cpp
index 9c1da9ad17a6b48ed6c464260d60ec60dd08625e..92d24fe40b714da6cc23d5dc6d7a96c7932c1b86 100644
--- a/src/network/serveropcodes.cpp
+++ b/src/network/serveropcodes.cpp
@@ -26,8 +26,8 @@ const ToServerCommandHandler toServerCommandTable[TOSERVER_NUM_MSG_TYPES] =
 {
 	null_command_handler, // 0x00 (never use this)
 	null_command_handler, // 0x01
-	{ "TOSERVER_INIT",                    TOSERVER_STATE_NOT_CONNECTED, &Server::handleCommand_Init }, // 0x02
-	{ "TOSERVER_AUTH",                    TOSERVER_STATE_NOT_CONNECTED, &Server::handleCommand_Auth }, // 0x03
+	{ "TOSERVER_INIT",                     TOSERVER_STATE_NOT_CONNECTED, &Server::handleCommand_Init }, // 0x02
+	null_command_handler, // 0x03
 	null_command_handler, // 0x04
 	null_command_handler, // 0x05
 	null_command_handler, // 0x06
@@ -85,13 +85,28 @@ const ToServerCommandHandler toServerCommandTable[TOSERVER_NUM_MSG_TYPES] =
 	{ "TOSERVER_REMOVED_SOUNDS",           TOSERVER_STATE_INGAME, &Server::handleCommand_RemovedSounds }, // 0x3a
 	{ "TOSERVER_NODEMETA_FIELDS",          TOSERVER_STATE_INGAME, &Server::handleCommand_NodeMetaFields }, // 0x3b
 	{ "TOSERVER_INVENTORY_FIELDS",         TOSERVER_STATE_INGAME, &Server::handleCommand_InventoryFields }, // 0x3c
-	{ "TOSERVER_PASSWORD",                 TOSERVER_STATE_INGAME, &Server::handleCommand_Password }, // 0x3d
+	null_command_handler, // 0x3d
 	null_command_handler, // 0x3e
 	null_command_handler, // 0x3f
 	{ "TOSERVER_REQUEST_MEDIA",            TOSERVER_STATE_STARTUP, &Server::handleCommand_RequestMedia }, // 0x40
 	{ "TOSERVER_RECEIVED_MEDIA",           TOSERVER_STATE_STARTUP, &Server::handleCommand_ReceivedMedia }, // 0x41
 	{ "TOSERVER_BREATH",                   TOSERVER_STATE_INGAME, &Server::handleCommand_Breath }, // 0x42
 	{ "TOSERVER_CLIENT_READY",             TOSERVER_STATE_STARTUP, &Server::handleCommand_ClientReady }, // 0x43
+	null_command_handler, // 0x44
+	null_command_handler, // 0x45
+	null_command_handler, // 0x46
+	null_command_handler, // 0x47
+	null_command_handler, // 0x48
+	null_command_handler, // 0x49
+	null_command_handler, // 0x4a
+	null_command_handler, // 0x4b
+	null_command_handler, // 0x4c
+	null_command_handler, // 0x4d
+	null_command_handler, // 0x4e
+	null_command_handler, // 0x4f
+	{ "TOSERVER_FIRST_SRP",          TOSERVER_STATE_NOT_CONNECTED, &Server::handleCommand_FirstSrp }, // 0x50
+	{ "TOSERVER_SRP_BYTES_A",        TOSERVER_STATE_NOT_CONNECTED, &Server::handleCommand_SrpBytesA }, // 0x51
+	{ "TOSERVER_SRP_BYTES_M",        TOSERVER_STATE_NOT_CONNECTED, &Server::handleCommand_SrpBytesM }, // 0x52
 };
 
 const static ClientCommandFactory null_command_factory = { "TOCLIENT_NULL", 0, false };
@@ -100,10 +115,10 @@ const ClientCommandFactory clientCommandFactoryTable[TOCLIENT_NUM_MSG_TYPES] =
 {
 	null_command_factory, // 0x00
 	null_command_factory, // 0x01
-	{ "TOCLIENT_HELLO",             0, true }, // 0x02
+	null_command_factory, // 0x02
 	{ "TOCLIENT_AUTH_ACCEPT",       0, true }, // 0x03
-	null_command_factory, // 0x04
-	null_command_factory, // 0x05
+	{ "TOCLIENT_ACCEPT_SUDO_MODE",  0, true }, // 0x04
+	{ "TOCLIENT_DENY_SUDO_MODE",    0, true }, // 0x05
 	null_command_factory, // 0x06
 	null_command_factory, // 0x07
 	null_command_factory, // 0x08
@@ -182,4 +197,17 @@ const ClientCommandFactory clientCommandFactoryTable[TOCLIENT_NUM_MSG_TYPES] =
 	{ "TOCLIENT_LOCAL_PLAYER_ANIMATIONS",  0, true }, // 0x51
 	{ "TOCLIENT_EYE_OFFSET",               0, true }, // 0x52
 	{ "TOCLIENT_DELETE_PARTICLESPAWNER",   0, true }, // 0x53
+	null_command_factory,
+	null_command_factory,
+	null_command_factory,
+	null_command_factory,
+	null_command_factory,
+	null_command_factory,
+	null_command_factory,
+	null_command_factory,
+	null_command_factory,
+	null_command_factory,
+	null_command_factory,
+	null_command_factory,
+	{ "TOSERVER_SRP_BYTES_S_B",            0, true }, // 0x60
 };
diff --git a/src/network/serverpackethandler.cpp b/src/network/serverpackethandler.cpp
index 6b1d5bc025aaa0bbb4d0bab53b5e3ea947b8f0e9..a6f5ffca1b5222c212f68082338eec8a745422da 100644
--- a/src/network/serverpackethandler.cpp
+++ b/src/network/serverpackethandler.cpp
@@ -32,9 +32,11 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 #include "version.h"
 #include "network/networkprotocol.h"
 #include "network/serveropcodes.h"
+#include "util/auth.h"
 #include "util/base64.h"
 #include "util/pointedthing.h"
 #include "util/serialize.h"
+#include "util/srp.h"
 
 void Server::handleCommand_Deprecated(NetworkPacket* pkt)
 {
@@ -92,13 +94,14 @@ void Server::handleCommand_Init(NetworkPacket* pkt)
 	u8 compression_modes;
 	u16 min_net_proto_version = 0;
 	u16 max_net_proto_version;
+	std::string playerName;
 
 	*pkt >> client_max >> compression_modes >> min_net_proto_version
-			>> max_net_proto_version;
+			>> max_net_proto_version >> playerName;
 
 	u8 our_max = SER_FMT_VER_HIGHEST_READ;
 	// Use the highest version supported by both
-	int deployed = std::min(client_max, our_max);
+	u8 deployed = std::min(client_max, our_max);
 	// If it's lower than the lowest supported, give up.
 	if (deployed < SER_FMT_VER_LOWEST)
 		deployed = SER_FMT_VER_INVALID;
@@ -137,7 +140,7 @@ void Server::handleCommand_Init(NetworkPacket* pkt)
 
 	client->net_proto_version = net_proto_version;
 
-	// On this handler protocol version 25 is required
+	// On this handler at least protocol version 25 is required
 	if (net_proto_version < 25 ||
 			net_proto_version < SERVER_PROTOCOL_VERSION_MIN ||
 			net_proto_version > SERVER_PROTOCOL_VERSION_MAX) {
@@ -156,36 +159,9 @@ void Server::handleCommand_Init(NetworkPacket* pkt)
 		}
 	}
 
-	// @TODO: check if we support same modes, but not required now
-
-	client->setSupportedCompressionModes(compression_modes);
-
-	m_clients.event(pkt->getPeerId(), CSE_Init);
-}
-
-void Server::handleCommand_Auth(NetworkPacket* pkt)
-{
-	std::string addr_s;
-	try {
-		Address address = getPeerAddress(pkt->getPeerId());
-		addr_s = address.serializeString();
-	}
-	catch (con::PeerNotFoundException &e) {
-		/*
-		 * no peer for this packet found
-		 * most common reason is peer timeout, e.g. peer didn't
-		 * respond for some time, your server was overloaded or
-		 * things like that.
-		 */
-		infostream << "Server::ProcessData(): Canceling: peer "
-				<< pkt->getPeerId() << " not found" << std::endl;
-		return;
-	}
-
-	std::string playerName, playerPassword;
-
-	*pkt >> playerName >> playerPassword;
-
+	/*
+		Validate player name
+	*/
 	const char* playername = playerName.c_str();
 
 	if (playerName.size() > PLAYERNAME_SIZE) {
@@ -202,6 +178,11 @@ void Server::handleCommand_Auth(NetworkPacket* pkt)
 		return;
 	}
 
+	m_clients.setPlayerName(pkt->getPeerId(), playername);
+	//TODO (later) case insensitivity
+
+	std::string legacyPlayerNameCasing = playerName;
+
 	if (!isSingleplayer() && strcasecmp(playername, "singleplayer") == 0) {
 		actionstream << "Server: Player with the name \"singleplayer\" "
 				<< "tried to connect from " << addr_s << std::endl;
@@ -222,23 +203,9 @@ void Server::handleCommand_Auth(NetworkPacket* pkt)
 		}
 	}
 
-	if (playerPassword.size() > PASSWORD_SIZE) {
-		actionstream << "Server: Player with an too long password "
-				<< "tried to connect from " << addr_s << std::endl;
-		DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_WRONG_PASSWORD);
-		return;
-	}
-
 	infostream << "Server: New connection: \"" << playerName << "\" from "
 			<< addr_s << " (peer_id=" << pkt->getPeerId() << ")" << std::endl;
 
-	if(!base64_is_valid(playerPassword)){
-		actionstream << "Server: " << playerName
-				<< " supplied invalid password hash" << std::endl;
-		DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_WRONG_PASSWORD);
-		return;
-	}
-
 	// Enforce user limit.
 	// Don't enforce for users that have some admin right
 	if (m_clients.getClientIDs(CS_Created).size() >= g_settings->getU16("max_users") &&
@@ -247,76 +214,74 @@ void Server::handleCommand_Auth(NetworkPacket* pkt)
 			!checkPriv(playername, "privs") &&
 			!checkPriv(playername, "password") &&
 			playername != g_settings->get("name")) {
-		actionstream << "Server: " << playername << " tried to join, but there"
-				<< " are already max_users="
+		actionstream << "Server: " << playername << " tried to join from "
+				<< addr_s << ", but there" << " are already max_users="
 				<< g_settings->getU16("max_users") << " players." << std::endl;
 		DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_TOO_MANY_USERS);
 		return;
 	}
 
-	std::string checkpwd; // Password hash to check against
-	bool has_auth = m_script->getAuth(playername, &checkpwd, NULL);
-
-	// If no authentication info exists for user, create it
-	if (!has_auth) {
-		if (!isSingleplayer() &&
-				g_settings->getBool("disallow_empty_password") &&
-				playerPassword.empty()) {
-			actionstream << "Server: " << playerName
-					<< " supplied empty password" << std::endl;
-			DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_EMPTY_PASSWORD);
+	/*
+		Compose auth methods for answer
+	*/
+	std::string encpwd; // encrypted Password field for the user
+	bool has_auth = m_script->getAuth(playername, &encpwd, NULL);
+	u32 auth_mechs = 0;
+
+	client->chosen_mech = AUTH_MECHANISM_NONE;
+
+	if (has_auth) {
+		std::vector<std::string> pwd_components = str_split(encpwd, '#');
+		if (pwd_components.size() == 4) {
+			if (pwd_components[1] == "1") { // 1 means srp
+				auth_mechs |= AUTH_MECHANISM_SRP;
+				client->enc_pwd = encpwd;
+			} else {
+				actionstream << "User " << playername
+					<< " tried to log in, but password field"
+					<< " was invalid (unknown mechcode)." << std::endl;
+				DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_SERVER_FAIL);
+				return;
+			}
+		} else if (base64_is_valid(encpwd)) {
+			auth_mechs |= AUTH_MECHANISM_LEGACY_PASSWORD;
+			client->enc_pwd = encpwd;
+		} else {
+			actionstream << "User " << playername
+				<< " tried to log in, but password field"
+				<< " was invalid (invalid base64)." << std::endl;
+			DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_SERVER_FAIL);
 			return;
 		}
-		std::string raw_default_password =
-			g_settings->get("default_password");
-		std::string initial_password =
-			translatePassword(playername, raw_default_password);
-
-		// If default_password is empty, allow any initial password
-		if (raw_default_password.length() == 0)
-			initial_password = playerPassword.c_str();
-
-		m_script->createAuth(playername, initial_password);
-	}
-
-	has_auth = m_script->getAuth(playername, &checkpwd, NULL);
-
-	if(!has_auth) {
-		actionstream << "Server: " << playerName << " cannot be authenticated"
-				<< " (auth handler does not work?)" << std::endl;
-		DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_SERVER_FAIL);
-		return;
-	}
-
-	if(playerPassword.c_str() != checkpwd) {
-		actionstream << "Server: " << playerName << " supplied wrong password"
-				<< std::endl;
-		DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_WRONG_PASSWORD);
-		return;
-	}
-
-	RemotePlayer *player =
-			static_cast<RemotePlayer*>(m_env->getPlayer(playername));
-
-	if (player && player->peer_id != 0) {
-		errorstream << "Server: " << playername << ": Failed to emerge player"
-				<< " (player allocated to an another client)" << std::endl;
-		DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_ALREADY_CONNECTED);
+	} else {
+		std::string default_password = g_settings->get("default_password");
+		if (default_password.length() == 0) {
+			auth_mechs |= AUTH_MECHANISM_FIRST_SRP;
+		} else {
+			// Take care of default passwords.
+			client->enc_pwd = getSRPVerifier(playerName, default_password);
+			auth_mechs |= AUTH_MECHANISM_SRP;
+		}
 	}
 
-	m_clients.setPlayerName(pkt->getPeerId(), playername);
-
 	/*
-		Answer with a TOCLIENT_INIT
+		Answer with a TOCLIENT_HELLO
 	*/
 
-	NetworkPacket resp_pkt(TOCLIENT_AUTH_ACCEPT, 1 + 6 + 8 + 4, pkt->getPeerId());
+	verbosestream << "Sending TOCLIENT_HELLO with auth method field: "
+		<< auth_mechs << std::endl;
 
-	resp_pkt << v3f(0,0,0) << (u64) m_env->getServerMap().getSeed()
-			<< g_settings->getFloat("dedicated_server_step");
+	NetworkPacket resp_pkt(TOCLIENT_HELLO, 1 + 4
+		+ legacyPlayerNameCasing.size(), pkt->getPeerId());
+
+	resp_pkt << deployed << auth_mechs << legacyPlayerNameCasing;
 
 	Send(&resp_pkt);
-	m_clients.event(pkt->getPeerId(), CSE_Init);
+
+	client->allowed_auth_mechs = auth_mechs;
+	client->setSupportedCompressionModes(compression_modes);
+
+	m_clients.event(pkt->getPeerId(), CSE_Hello);
 }
 
 void Server::handleCommand_Init_Legacy(NetworkPacket* pkt)
@@ -354,7 +319,7 @@ void Server::handleCommand_Init_Legacy(NetworkPacket* pkt)
 		return;
 	}
 
-	verbosestream << "Server: Got TOSERVER_INIT from " << addr_s << " (peer_id="
+	verbosestream << "Server: Got TOSERVER_INIT_LEGACY from " << addr_s << " (peer_id="
 			<< pkt->getPeerId() << ")" << std::endl;
 
 	// Do not allow multiple players in simple singleplayer mode.
@@ -422,6 +387,10 @@ void Server::handleCommand_Init_Legacy(NetworkPacket* pkt)
 			net_proto_version = max_net_proto_version;
 	}
 
+	// The client will send up to date init packet, ignore this one
+	if (net_proto_version >= 25)
+		return;
+
 	verbosestream << "Server: " << addr_s << ": Protocol version: min: "
 			<< min_net_proto_version << ", max: " << max_net_proto_version
 			<< ", chosen: " << net_proto_version << std::endl;
@@ -624,7 +593,7 @@ void Server::handleCommand_Init_Legacy(NetworkPacket* pkt)
 			<< g_settings->getFloat("dedicated_server_step");
 
 	Send(&resp_pkt);
-	m_clients.event(pkt->getPeerId(), CSE_Init);
+	m_clients.event(pkt->getPeerId(), CSE_InitLegacy);
 }
 
 void Server::handleCommand_Init2(NetworkPacket* pkt)
@@ -1223,33 +1192,33 @@ void Server::handleCommand_Breath(NetworkPacket* pkt)
 
 void Server::handleCommand_Password(NetworkPacket* pkt)
 {
-	if ((pkt->getCommand() == TOSERVER_PASSWORD && pkt->getSize() < 4) ||
-			pkt->getSize() != PASSWORD_SIZE * 2)
+	if (pkt->getSize() != PASSWORD_SIZE * 2)
 		return;
 
 	std::string oldpwd;
 	std::string newpwd;
 
-	if (pkt->getCommand() == TOSERVER_PASSWORD) {
-		*pkt >> oldpwd >> newpwd;
+	// Deny for clients using the new protocol
+	RemoteClient* client = getClient(pkt->getPeerId(), CS_Created);
+	if (client->net_proto_version >= 25) {
+		infostream << "Server::handleCommand_Password(): Denying change: "
+			<< " Client protocol version for peer_id=" << pkt->getPeerId()
+			<< " too new!" << std::endl;
+		return;
 	}
-	// 13/03/15
-	// Protocol v24 compat. Please remove in 1 year after
-	// client convergence to 0.4.13/0.5.x
-	else {
-		for (u16 i = 0; i < PASSWORD_SIZE - 1; i++) {
-			char c = pkt->getChar(i);
-			if (c == 0)
-				break;
-			oldpwd += c;
-		}
 
-		for (u16 i = 0; i < PASSWORD_SIZE - 1; i++) {
-			char c = pkt->getChar(PASSWORD_SIZE + i);
-			if (c == 0)
-				break;
-			newpwd += c;
-		}
+	for (u16 i = 0; i < PASSWORD_SIZE - 1; i++) {
+		char c = pkt->getChar(i);
+		if (c == 0)
+			break;
+		oldpwd += c;
+	}
+
+	for (u16 i = 0; i < PASSWORD_SIZE - 1; i++) {
+		char c = pkt->getChar(PASSWORD_SIZE + i);
+		if (c == 0)
+			break;
+		newpwd += c;
 	}
 
 	Player *player = m_env->getPlayer(pkt->getPeerId());
@@ -1848,3 +1817,258 @@ void Server::handleCommand_InventoryFields(NetworkPacket* pkt)
 
 	m_script->on_playerReceiveFields(playersao, formname, fields);
 }
+
+void Server::handleCommand_FirstSrp(NetworkPacket* pkt)
+{
+	RemoteClient* client = getClient(pkt->getPeerId(), CS_Invalid);
+	ClientState cstate = client->getState();
+
+	std::string playername = client->getName();
+
+	std::string salt;
+	std::string verification_key;
+
+	std::string addr_s = getPeerAddress(pkt->getPeerId()).serializeString();
+	u8 is_empty;
+
+	*pkt >> salt >> verification_key >> is_empty;
+
+	verbosestream << "Server: Got TOSERVER_FIRST_SRP from " << addr_s
+		<< ", with is_empty= " << is_empty << std::endl;
+
+	// Either this packet is sent because the user is new or to change the password
+	if (cstate == CS_HelloSent) {
+		if (!client->isMechAllowed(AUTH_MECHANISM_FIRST_SRP)) {
+			actionstream << "Server: Client from " << addr_s
+					<< " tried to set password without being "
+					<< "authenticated, or the username being new." << std::endl;
+			DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_UNEXPECTED_DATA);
+			return;
+		}
+
+		if (!isSingleplayer() &&
+				g_settings->getBool("disallow_empty_password") &&
+				is_empty == 1) {
+			actionstream << "Server: " << playername
+					<< " supplied empty password from " << addr_s << std::endl;
+			DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_EMPTY_PASSWORD);
+			return;
+		}
+
+		std::string initial_ver_key;
+		std::string raw_default_password = g_settings->get("default_password");
+		// If default_password is empty, allow any initial password
+		if (raw_default_password.length() == 0) {
+			initial_ver_key = encodeSRPVerifier(verification_key, salt);
+		} else {
+			initial_ver_key = getSRPVerifier(playername, raw_default_password);
+		}
+
+		m_script->createAuth(playername, initial_ver_key);
+
+		acceptAuth(pkt->getPeerId(), false);
+	} else {
+		if (cstate < CS_SudoMode) {
+			infostream << "Server::ProcessData(): Ignoring TOSERVER_FIRST_SRP from "
+					<< addr_s << ": " << "Client has wrong state " << cstate << "."
+					<< std::endl;
+			return;
+		}
+		m_clients.event(pkt->getPeerId(), CSE_SudoLeave);
+		std::string pw_db_field = encodeSRPVerifier(verification_key, salt);
+		bool success = m_script->setPassword(playername, pw_db_field);
+		if (success) {
+			actionstream << playername << " changes password" << std::endl;
+			SendChatMessage(pkt->getPeerId(), L"Password change successful.");
+		} else {
+			actionstream << playername << " tries to change password but "
+				<< "it fails" << std::endl;
+			SendChatMessage(pkt->getPeerId(), L"Password change failed or unavailable.");
+		}
+	}
+}
+
+void Server::handleCommand_SrpBytesA(NetworkPacket* pkt)
+{
+	RemoteClient* client = getClient(pkt->getPeerId(), CS_Invalid);
+	ClientState cstate = client->getState();
+
+	bool wantSudo = (cstate == CS_Active);
+
+	if (!((cstate == CS_HelloSent) || (cstate == CS_Active))) {
+		actionstream << "Server: got SRP _A packet in wrong state "
+			<< cstate << " from "
+			<< getPeerAddress(pkt->getPeerId()).serializeString()
+			<< ". Ignoring." << std::endl;
+		return;
+	}
+
+	if (client->chosen_mech != AUTH_MECHANISM_NONE) {
+		actionstream << "Server: got SRP _A packet, while auth"
+			<< "is already going on with mech " << client->chosen_mech
+			<< " from " << getPeerAddress(pkt->getPeerId()).serializeString()
+			<< " (wantSudo=" << wantSudo << "). Ignoring." << std::endl;
+		if (wantSudo) {
+			DenySudoAccess(pkt->getPeerId());
+			return;
+		} else {
+			DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_UNEXPECTED_DATA);
+			return;
+		}
+	}
+
+	std::string bytes_A;
+	u8 based_on;
+	*pkt >> bytes_A >> based_on;
+
+	infostream << "Server: TOSERVER_SRP_BYTES_A received with "
+		<< "based_on=" << int(based_on) << " and len_A="
+		<< bytes_A.length() << "." << std::endl;
+
+	AuthMechanism chosen = (based_on == 0) ?
+		AUTH_MECHANISM_LEGACY_PASSWORD : AUTH_MECHANISM_SRP;
+
+	if (wantSudo) {
+		if (!client->isSudoMechAllowed(chosen)) {
+			actionstream << "Server: Player \"" << client->getName()
+				<< "\" at " << getPeerAddress(pkt->getPeerId()).serializeString()
+				<< " tried to change password using unallowed mech "
+				<< chosen << "." << std::endl;
+			DenySudoAccess(pkt->getPeerId());
+			return;
+		}
+	} else {
+		if (!client->isMechAllowed(chosen)) {
+			actionstream << "Server: Client tried to authenticate from "
+				<< getPeerAddress(pkt->getPeerId()).serializeString()
+				<< " using unallowed mech " << chosen << "." << std::endl;
+			DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_UNEXPECTED_DATA);
+			return;
+		}
+	}
+
+	client->chosen_mech = chosen;
+
+	std::string bytes_s;
+	std::string bytes_v;
+
+	if (based_on == 0) {
+		char *p_bytes_s = 0;
+		size_t len_s = 0;
+		char *p_bytes_v = 0;
+		size_t len_v = 0;
+		getSRPVerifier(client->getName(), client->enc_pwd,
+			&p_bytes_s, &len_s,
+			&p_bytes_v, &len_v);
+		bytes_s = std::string(p_bytes_s, len_s);
+		bytes_v = std::string(p_bytes_v, len_v);
+		free(p_bytes_s);
+		free(p_bytes_v);
+	} else if (!decodeSRPVerifier(client->enc_pwd, &bytes_s, &bytes_v)) {
+		// Non-base64 errors should have been catched in the init handler
+		actionstream << "Server: User " << client->getName()
+			<< " tried to log in, but srp verifier field"
+			<< " was invalid (most likely invalid base64)." << std::endl;
+		DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_SERVER_FAIL);
+		return;
+	}
+
+	char *bytes_B = 0;
+	size_t len_B = 0;
+
+	client->auth_data = srp_verifier_new(SRP_SHA256, SRP_NG_2048,
+		client->getName().c_str(),
+		(const unsigned char *) bytes_s.c_str(), bytes_s.size(),
+		(const unsigned char *) bytes_v.c_str(), bytes_v.size(),
+		(const unsigned char *) bytes_A.c_str(), bytes_A.size(),
+		NULL, 0,
+		(unsigned char **) &bytes_B, &len_B, NULL, NULL);
+
+	if (!bytes_B) {
+		actionstream << "Server: User " << client->getName()
+			<< " tried to log in, SRP-6a safety check violated in _A handler."
+			<< std::endl;
+		if (wantSudo) {
+			DenySudoAccess(pkt->getPeerId());
+			return;
+		} else {
+			DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_UNEXPECTED_DATA);
+			return;
+		}
+	}
+
+	NetworkPacket resp_pkt(TOCLIENT_SRP_BYTES_S_B, 0, pkt->getPeerId());
+	resp_pkt << bytes_s << std::string(bytes_B, len_B);
+	Send(&resp_pkt);
+}
+
+void Server::handleCommand_SrpBytesM(NetworkPacket* pkt)
+{
+	RemoteClient* client = getClient(pkt->getPeerId(), CS_Invalid);
+	ClientState cstate = client->getState();
+
+	bool wantSudo = (cstate == CS_Active);
+
+	verbosestream << "Server: Recieved TOCLIENT_SRP_BYTES_M." << std::endl;
+
+	if (!((cstate == CS_HelloSent) || (cstate == CS_Active))) {
+		actionstream << "Server: got SRP _M packet in wrong state "
+			<< cstate << " from "
+			<< getPeerAddress(pkt->getPeerId()).serializeString()
+			<< ". Ignoring." << std::endl;
+		return;
+	}
+
+	if ((client->chosen_mech != AUTH_MECHANISM_SRP)
+		&& (client->chosen_mech != AUTH_MECHANISM_LEGACY_PASSWORD)) {
+		actionstream << "Server: got SRP _M packet, while auth"
+			<< "is going on with mech " << client->chosen_mech
+			<< " from " << getPeerAddress(pkt->getPeerId()).serializeString()
+			<< " (wantSudo=" << wantSudo << "). Denying." << std::endl;
+		if (wantSudo) {
+			DenySudoAccess(pkt->getPeerId());
+			return;
+		} else {
+			DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_UNEXPECTED_DATA);
+			return;
+		}
+	}
+
+	std::string bytes_M;
+	*pkt >> bytes_M;
+
+	if (srp_verifier_get_session_key_length((SRPVerifier *) client->auth_data)
+			!= bytes_M.size()) {
+		actionstream << "Server: User " << client->getName()
+			<< " at " << getPeerAddress(pkt->getPeerId()).serializeString()
+			<< " sent bytes_M with invalid length " << bytes_M.size() << std::endl;
+		DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_UNEXPECTED_DATA);
+		return;
+	}
+
+	unsigned char *bytes_HAMK = 0;
+
+	srp_verifier_verify_session((SRPVerifier *) client->auth_data,
+		(unsigned char *)bytes_M.c_str(), &bytes_HAMK);
+
+	if (!bytes_HAMK) {
+		if (wantSudo) {
+			actionstream << "Server: User " << client->getName()
+				<< " at " << getPeerAddress(pkt->getPeerId()).serializeString()
+				<< " tried to change their password, but supplied wrong"
+				<< " (SRP) password for authentication." << std::endl;
+			DenySudoAccess(pkt->getPeerId());
+			return;
+		} else {
+			actionstream << "Server: User " << client->getName()
+				<< " at " << getPeerAddress(pkt->getPeerId()).serializeString()
+				<< " supplied wrong (SRP) password from address "
+				<< getPeerAddress(pkt->getPeerId()).serializeString()
+				<< "." << std::endl;
+			DenyAccess(pkt->getPeerId(), SERVER_ACCESSDENIED_WRONG_PASSWORD);
+			return;
+		}
+	}
+
+	acceptAuth(pkt->getPeerId(), wantSudo);
+}
diff --git a/src/script/lua_api/l_util.cpp b/src/script/lua_api/l_util.cpp
index 0464f46d955f553be1566bd5025b3557f843da12..283cca01f9124f61f5b2cf5e17af18feebb41146 100644
--- a/src/script/lua_api/l_util.cpp
+++ b/src/script/lua_api/l_util.cpp
@@ -30,6 +30,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 #include "tool.h"
 #include "filesys.h"
 #include "settings.h"
+#include "util/auth.h"
 
 // debug(...)
 // Writes a line to dstream
diff --git a/src/server.cpp b/src/server.cpp
index 7289dc905a89edbb857d64254c66c5da839c2c96..f032da406de5bd1bdb37ad00f0849cf295b94052 100644
--- a/src/server.cpp
+++ b/src/server.cpp
@@ -2537,6 +2537,13 @@ void Server::RespawnPlayer(u16 peer_id)
 		playersao->setPos(pos);
 	}
 }
+void Server::DenySudoAccess(u16 peer_id)
+{
+	DSTACK(__FUNCTION_NAME);
+
+	NetworkPacket pkt(TOCLIENT_DENY_SUDO_MODE, 0, peer_id);
+	Send(&pkt);
+}
 
 void Server::DenyAccess(u16 peer_id, AccessDeniedCode reason, const std::string &custom_reason)
 {
@@ -2558,6 +2565,37 @@ void Server::DenyAccess_Legacy(u16 peer_id, const std::wstring &reason)
 	m_con.DisconnectPeer(peer_id);
 }
 
+void Server::acceptAuth(u16 peer_id, bool forSudoMode)
+{
+	DSTACK(__FUNCTION_NAME);
+
+	if (!forSudoMode) {
+		RemoteClient* client = getClient(peer_id, CS_Invalid);
+
+		NetworkPacket resp_pkt(TOCLIENT_AUTH_ACCEPT, 1 + 6 + 8 + 4, peer_id);
+
+		// Right now, the auth mechs don't change between login and sudo mode.
+		u32 sudo_auth_mechs = client->allowed_auth_mechs;
+		client->allowed_sudo_mechs = sudo_auth_mechs;
+
+		resp_pkt << v3f(0,0,0) << (u64) m_env->getServerMap().getSeed()
+				<< g_settings->getFloat("dedicated_server_step")
+				<< sudo_auth_mechs;
+
+		Send(&resp_pkt);
+		m_clients.event(peer_id, CSE_AuthAccept);
+	} else {
+		NetworkPacket resp_pkt(TOCLIENT_ACCEPT_SUDO_MODE, 1 + 6 + 8 + 4, peer_id);
+
+		// We only support SRP right now
+		u32 sudo_auth_mechs = AUTH_MECHANISM_FIRST_SRP;
+
+		resp_pkt << sudo_auth_mechs;
+		Send(&resp_pkt);
+		m_clients.event(peer_id, CSE_SudoSuccess);
+	}
+}
+
 void Server::DeleteClient(u16 peer_id, ClientDeletionReason reason)
 {
 	DSTACK(__FUNCTION_NAME);
diff --git a/src/server.h b/src/server.h
index 25ffb7fc6550cb6a893b499478edf47291d744fa..f53e23a3acde5d3174dab431adee86127c2176e1 100644
--- a/src/server.h
+++ b/src/server.h
@@ -193,7 +193,6 @@ class Server : public con::PeerHandler, public MapEventReceiver,
 	void handleCommand_Null(NetworkPacket* pkt) {};
 	void handleCommand_Deprecated(NetworkPacket* pkt);
 	void handleCommand_Init(NetworkPacket* pkt);
-	void handleCommand_Auth(NetworkPacket* pkt);
 	void handleCommand_Init_Legacy(NetworkPacket* pkt);
 	void handleCommand_Init2(NetworkPacket* pkt);
 	void handleCommand_RequestMedia(NetworkPacket* pkt);
@@ -213,6 +212,9 @@ class Server : public con::PeerHandler, public MapEventReceiver,
 	void handleCommand_RemovedSounds(NetworkPacket* pkt);
 	void handleCommand_NodeMetaFields(NetworkPacket* pkt);
 	void handleCommand_InventoryFields(NetworkPacket* pkt);
+	void handleCommand_FirstSrp(NetworkPacket* pkt);
+	void handleCommand_SrpBytesA(NetworkPacket* pkt);
+	void handleCommand_SrpBytesM(NetworkPacket* pkt);
 
 	void ProcessData(NetworkPacket *pkt);
 
@@ -360,7 +362,9 @@ class Server : public con::PeerHandler, public MapEventReceiver,
 	void peerAdded(con::Peer *peer);
 	void deletingPeer(con::Peer *peer, bool timeout);
 
+	void DenySudoAccess(u16 peer_id);
 	void DenyAccess(u16 peer_id, AccessDeniedCode reason, const std::string &custom_reason="");
+	void acceptAuth(u16 peer_id, bool forSudoMode);
 	void DenyAccess_Legacy(u16 peer_id, const std::wstring &reason);
 	bool getClientConInfo(u16 peer_id, con::rtt_stat_type type,float* retval);
 	bool getClientInfo(u16 peer_id,ClientState* state, u32* uptime,
diff --git a/src/util/CMakeLists.txt b/src/util/CMakeLists.txt
index 112f09bb9b37b567066e69083cd86a2ac0346544..33900a43a36f9e15de8113b162984a5942986c41 100644
--- a/src/util/CMakeLists.txt
+++ b/src/util/CMakeLists.txt
@@ -1,11 +1,14 @@
 set(UTIL_SRCS
+	${CMAKE_CURRENT_SOURCE_DIR}/auth.cpp
 	${CMAKE_CURRENT_SOURCE_DIR}/base64.cpp
 	${CMAKE_CURRENT_SOURCE_DIR}/directiontables.cpp
 	${CMAKE_CURRENT_SOURCE_DIR}/numeric.cpp
 	${CMAKE_CURRENT_SOURCE_DIR}/pointedthing.cpp
 	${CMAKE_CURRENT_SOURCE_DIR}/serialize.cpp
 	${CMAKE_CURRENT_SOURCE_DIR}/sha1.cpp
+	${CMAKE_CURRENT_SOURCE_DIR}/sha256.c
 	${CMAKE_CURRENT_SOURCE_DIR}/string.cpp
+	${CMAKE_CURRENT_SOURCE_DIR}/srp.cpp
 	${CMAKE_CURRENT_SOURCE_DIR}/timetaker.cpp
 	PARENT_SCOPE)
 
diff --git a/src/util/auth.cpp b/src/util/auth.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..ac5139535fec63504932da2123a11161e277b655
--- /dev/null
+++ b/src/util/auth.cpp
@@ -0,0 +1,126 @@
+/*
+Minetest
+Copyright (C) 2015 est31 <MTest31@outlook.com>
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU Lesser General Public License as published by
+the Free Software Foundation; either version 2.1 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public License along
+with this program; if not, write to the Free Software Foundation, Inc.,
+51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#include <algorithm>
+#include <string>
+#include "auth.h"
+#include "base64.h"
+#include "sha1.h"
+#include "srp.h"
+#include "string.h"
+
+// Get an sha-1 hash of the player's name combined with
+// the password entered. That's what the server uses as
+// their password. (Exception : if the password field is
+// blank, we send a blank password - this is for backwards
+// compatibility with password-less players).
+std::string translatePassword(const std::string &name,
+	const std::string &password)
+{
+	if (password.length() == 0)
+		return "";
+
+	std::string slt = name + password;
+	SHA1 sha1;
+	sha1.addBytes(slt.c_str(), slt.length());
+	unsigned char *digest = sha1.getDigest();
+	std::string pwd = base64_encode(digest, 20);
+	free(digest);
+	return pwd;
+}
+
+void getSRPVerifier(const std::string &name,
+	const std::string &password, char **salt, size_t *salt_len,
+	char **bytes_v, size_t *len_v)
+{
+	std::string n_name = lowercase(name);
+	srp_create_salted_verification_key(SRP_SHA256, SRP_NG_2048,
+		n_name.c_str(), (const unsigned char *)password.c_str(),
+		password.size(), (unsigned char **)salt, salt_len,
+		(unsigned char **)bytes_v, len_v, NULL, NULL);
+}
+
+// Get a db-ready SRP verifier
+// The salt param is only modifyable by this method so that you can free it
+// if it was allocated. You shouldn't use it for other purposes, as you will
+// need the contents of salt_len too.
+inline static std::string getSRPVerifier(const std::string &name,
+	const std::string &password, char ** salt, size_t salt_len)
+{
+	char * bytes_v = NULL;
+	size_t len_v;
+	getSRPVerifier(name, password, salt, &salt_len,
+		&bytes_v, &len_v);
+	std::string ret_val = encodeSRPVerifier(std::string(bytes_v, len_v),
+		std::string(*salt, salt_len));
+	free(bytes_v);
+	return ret_val;
+}
+
+// Get a db-ready SRP verifier
+std::string getSRPVerifier(const std::string &name,
+	const std::string &password)
+{
+	char * salt = NULL;
+	std::string ret_val = getSRPVerifier(name,
+		password, &salt, 0);
+	free(salt);
+	return ret_val;
+}
+
+// Get a db-ready SRP verifier
+std::string getSRPVerifier(const std::string &name,
+	const std::string &password, const std::string &salt)
+{
+	// The implementation won't change the salt if its set,
+	// therefore we can cast.
+	char *salt_cstr = (char *)salt.c_str();
+	return getSRPVerifier(name, password,
+		&salt_cstr, salt.size());
+}
+
+// Make a SRP verifier db-ready
+std::string encodeSRPVerifier(const std::string &verifier,
+	const std::string &salt)
+{
+	std::ostringstream ret_str;
+	ret_str << "#1#"
+		<< base64_encode((unsigned char*) salt.c_str(), salt.size()) << "#"
+		<< base64_encode((unsigned char*) verifier.c_str(), verifier.size());
+	return ret_str.str();
+}
+
+bool decodeSRPVerifier(const std::string &enc_pwd,
+	std::string *salt, std::string *bytes_v)
+{
+	std::vector<std::string> pwd_components = str_split(enc_pwd, '#');
+
+	if ((pwd_components.size() != 4)
+			|| (pwd_components[1] != "1") // 1 means srp
+			|| !base64_is_valid(pwd_components[2])
+			|| !base64_is_valid(pwd_components[3]))
+		return false;
+
+	std::string salt_str = base64_decode(pwd_components[2]);
+	std::string bytes_v_str = base64_decode(pwd_components[3]);
+	*salt = salt_str;
+	*bytes_v = bytes_v_str;
+	return true;
+
+}
diff --git a/src/util/auth.h b/src/util/auth.h
new file mode 100644
index 0000000000000000000000000000000000000000..36d8c20a49721e2f88e68c3a43a1d3fbf0d0281a
--- /dev/null
+++ b/src/util/auth.h
@@ -0,0 +1,37 @@
+/*
+Minetest
+Copyright (C) 2015 est31 <MTest31@outlook.com>
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU Lesser General Public License as published by
+the Free Software Foundation; either version 2.1 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public License along
+with this program; if not, write to the Free Software Foundation, Inc.,
+51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#ifndef AUTH_H
+#define AUTH_H
+
+std::string translatePassword(const std::string &name,
+	const std::string &password);
+void getSRPVerifier(const std::string &name,
+	const std::string &password, char **salt, size_t *salt_len,
+	char **bytes_v, size_t *len_v);
+std::string getSRPVerifier(const std::string &name,
+	const std::string &password);
+std::string getSRPVerifier(const std::string &name,
+	const std::string &password, const std::string &salt);
+std::string encodeSRPVerifier(const std::string &verifier,
+	const std::string &salt);
+bool decodeSRPVerifier(const std::string &enc_pwd,
+	std::string *salt, std::string *bytes_v);
+
+#endif
\ No newline at end of file
diff --git a/src/util/md32_common.h b/src/util/md32_common.h
new file mode 100644
index 0000000000000000000000000000000000000000..085d1d7a506cd8d18bef927590dd61adf07935ef
--- /dev/null
+++ b/src/util/md32_common.h
@@ -0,0 +1,428 @@
+/* md32_common.h file used by sha256 implementation */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+/*-
+ * This is a generic 32 bit "collector" for message digest algorithms.
+ * Whenever needed it collects input character stream into chunks of
+ * 32 bit values and invokes a block function that performs actual hash
+ * calculations.
+ *
+ * Porting guide.
+ *
+ * Obligatory macros:
+ *
+ * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
+ *      this macro defines byte order of input stream.
+ * HASH_CBLOCK
+ *      size of a unit chunk HASH_BLOCK operates on.
+ * HASH_LONG
+ *      has to be at lest 32 bit wide, if it's wider, then
+ *      HASH_LONG_LOG2 *has to* be defined along
+ * HASH_CTX
+ *      context structure that at least contains following
+ *      members:
+ *              typedef struct {
+ *                      ...
+ *                      HASH_LONG       Nl,Nh;
+ *                      either {
+ *                      HASH_LONG       data[HASH_LBLOCK];
+ *                      unsigned char   data[HASH_CBLOCK];
+ *                      };
+ *                      unsigned int    num;
+ *                      ...
+ *                      } HASH_CTX;
+ *      data[] vector is expected to be zeroed upon first call to
+ *      HASH_UPDATE.
+ * HASH_UPDATE
+ *      name of "Update" function, implemented here.
+ * HASH_TRANSFORM
+ *      name of "Transform" function, implemented here.
+ * HASH_FINAL
+ *      name of "Final" function, implemented here.
+ * HASH_BLOCK_DATA_ORDER
+ *      name of "block" function capable of treating *unaligned* input
+ *      message in original (data) byte order, implemented externally.
+ * HASH_MAKE_STRING
+ *      macro convering context variables to an ASCII hash string.
+ *
+ * MD5 example:
+ *
+ *      #define DATA_ORDER_IS_LITTLE_ENDIAN
+ *
+ *      #define HASH_LONG               MD5_LONG
+ *      #define HASH_LONG_LOG2          MD5_LONG_LOG2
+ *      #define HASH_CTX                MD5_CTX
+ *      #define HASH_CBLOCK             MD5_CBLOCK
+ *      #define HASH_UPDATE             MD5_Update
+ *      #define HASH_TRANSFORM          MD5_Transform
+ *      #define HASH_FINAL              MD5_Final
+ *      #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
+ *
+ *                                      <appro@fy.chalmers.se>
+ */
+
+#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+# error "DATA_ORDER must be defined!"
+#endif
+
+#ifndef HASH_CBLOCK
+# error "HASH_CBLOCK must be defined!"
+#endif
+#ifndef HASH_LONG
+# error "HASH_LONG must be defined!"
+#endif
+#ifndef HASH_CTX
+# error "HASH_CTX must be defined!"
+#endif
+
+#ifndef HASH_UPDATE
+# error "HASH_UPDATE must be defined!"
+#endif
+#ifndef HASH_TRANSFORM
+# error "HASH_TRANSFORM must be defined!"
+#endif
+#ifndef HASH_FINAL
+# error "HASH_FINAL must be defined!"
+#endif
+
+#ifndef HASH_BLOCK_DATA_ORDER
+# error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+
+/*
+ * Engage compiler specific rotate intrinsic function if available.
+ */
+#undef ROTATE
+#ifndef PEDANTIC
+# if defined(_MSC_VER)
+#  define ROTATE(a,n)   _lrotl(a,n)
+# elif defined(__ICC)
+#  define ROTATE(a,n)   _rotl(a,n)
+# elif defined(__MWERKS__)
+#  if defined(__POWERPC__)
+#   define ROTATE(a,n)  __rlwinm(a,n,0,31)
+#  elif defined(__MC68K__)
+    /* Motorola specific tweak. <appro@fy.chalmers.se> */
+#   define ROTATE(a,n)  ( n<24 ? __rol(a,n) : __ror(a,32-n) )
+#  else
+#   define ROTATE(a,n)  __rol(a,n)
+#  endif
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+  /*
+   * Some GNU C inline assembler templates. Note that these are
+   * rotates by *constant* number of bits! But that's exactly
+   * what we need here...
+   *                                    <appro@fy.chalmers.se>
+   */
+#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#   define ROTATE(a,n)  ({ register unsigned int ret;   \
+                                asm (                   \
+                                "roll %1,%0"            \
+                                : "=r"(ret)             \
+                                : "I"(n), "0"((unsigned int)(a))        \
+                                : "cc");                \
+                           ret;                         \
+                        })
+#  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
+        defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
+#   define ROTATE(a,n)  ({ register unsigned int ret;   \
+                                asm (                   \
+                                "rlwinm %0,%1,%2,0,31"  \
+                                : "=r"(ret)             \
+                                : "r"(a), "I"(n));      \
+                           ret;                         \
+                        })
+#  elif defined(__s390x__)
+#   define ROTATE(a,n) ({ register unsigned int ret;    \
+                                asm ("rll %0,%1,%2"     \
+                                : "=r"(ret)             \
+                                : "r"(a), "I"(n));      \
+                          ret;                          \
+                        })
+#  endif
+# endif
+#endif                          /* PEDANTIC */
+
+#ifndef ROTATE
+# define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#endif
+
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+
+# ifndef PEDANTIC
+#  if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+#   if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \
+      (defined(__x86_64) || defined(__x86_64__))
+#    if !defined(B_ENDIAN)
+    /*
+     * This gives ~30-40% performance improvement in SHA-256 compiled
+     * with gcc [on P4]. Well, first macro to be frank. We can pull
+     * this trick on x86* platforms only, because these CPUs can fetch
+     * unaligned data without raising an exception.
+     */
+#     define HOST_c2l(c,l)        ({ unsigned int r=*((const unsigned int *)(c)); \
+                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
+                                   (c)+=4; (l)=r;                       })
+#     define HOST_l2c(l,c)        ({ unsigned int r=(l);                  \
+                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
+                                   *((unsigned int *)(c))=r; (c)+=4; r; })
+#    endif
+#   elif defined(__aarch64__)
+#    if defined(__BYTE_ORDER__)
+#     if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
+#      define HOST_c2l(c,l)      ({ unsigned int r;              \
+                                   asm ("rev    %w0,%w1"        \
+                                        :"=r"(r)                \
+                                        :"r"(*((const unsigned int *)(c))));\
+                                   (c)+=4; (l)=r;               })
+#      define HOST_l2c(l,c)      ({ unsigned int r;              \
+                                   asm ("rev    %w0,%w1"        \
+                                        :"=r"(r)                \
+                                        :"r"((unsigned int)(l)));\
+                                   *((unsigned int *)(c))=r; (c)+=4; r; })
+#     elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
+#      define HOST_c2l(c,l)      ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
+#      define HOST_l2c(l,c)      (*((unsigned int *)(c))=(l), (c)+=4, (l))
+#     endif
+#    endif
+#   endif
+#  endif
+#  if defined(__s390__) || defined(__s390x__)
+#   define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
+#   define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
+#  endif
+# endif
+
+# ifndef HOST_c2l
+#  define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))<<24),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))    )           )
+# endif
+# ifndef HOST_l2c
+#  define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         l)
+# endif
+
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+
+# ifndef PEDANTIC
+#  if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+#   if defined(__s390x__)
+#    define HOST_c2l(c,l)        ({ asm ("lrv    %0,%1"                  \
+                                   :"=d"(l) :"m"(*(const unsigned int *)(c)));\
+                                   (c)+=4; (l);                         })
+#    define HOST_l2c(l,c)        ({ asm ("strv   %1,%0"                  \
+                                   :"=m"(*(unsigned int *)(c)) :"d"(l));\
+                                   (c)+=4; (l);                         })
+#   endif
+#  endif
+#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#   ifndef B_ENDIAN
+    /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
+#    define HOST_c2l(c,l)        ((l)=*((const unsigned int *)(c)), (c)+=4, l)
+#    define HOST_l2c(l,c)        (*((unsigned int *)(c))=(l), (c)+=4, l)
+#   endif
+#  endif
+# endif
+
+# ifndef HOST_c2l
+#  define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))    ),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<<24)           )
+# endif
+# ifndef HOST_l2c
+#  define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+                         l)
+# endif
+
+#endif
+
+/*
+ * Time for some action:-)
+ */
+
+int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
+{
+    const unsigned char *data = data_;
+    unsigned char *p;
+    HASH_LONG l;
+    size_t n;
+
+    if (len == 0)
+        return 1;
+
+    l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
+    /*
+     * 95-05-24 eay Fixed a bug with the overflow handling, thanks to Wei Dai
+     * <weidai@eskimo.com> for pointing it out.
+     */
+    if (l < c->Nl)              /* overflow */
+        c->Nh++;
+    c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
+                                       * 16-bit */
+    c->Nl = l;
+
+    n = c->num;
+    if (n != 0) {
+        p = (unsigned char *)c->data;
+
+        if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
+            memcpy(p + n, data, HASH_CBLOCK - n);
+            HASH_BLOCK_DATA_ORDER(c, p, 1);
+            n = HASH_CBLOCK - n;
+            data += n;
+            len -= n;
+            c->num = 0;
+            memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
+        } else {
+            memcpy(p + n, data, len);
+            c->num += (unsigned int)len;
+            return 1;
+        }
+    }
+
+    n = len / HASH_CBLOCK;
+    if (n > 0) {
+        HASH_BLOCK_DATA_ORDER(c, data, n);
+        n *= HASH_CBLOCK;
+        data += n;
+        len -= n;
+    }
+
+    if (len != 0) {
+        p = (unsigned char *)c->data;
+        c->num = (unsigned int)len;
+        memcpy(p, data, len);
+    }
+    return 1;
+}
+
+void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data)
+{
+    HASH_BLOCK_DATA_ORDER(c, data, 1);
+}
+
+int HASH_FINAL(unsigned char *md, HASH_CTX *c)
+{
+    unsigned char *p = (unsigned char *)c->data;
+    size_t n = c->num;
+
+    p[n] = 0x80;                /* there is always room for one */
+    n++;
+
+    if (n > (HASH_CBLOCK - 8)) {
+        memset(p + n, 0, HASH_CBLOCK - n);
+        n = 0;
+        HASH_BLOCK_DATA_ORDER(c, p, 1);
+    }
+    memset(p + n, 0, HASH_CBLOCK - 8 - n);
+
+    p += HASH_CBLOCK - 8;
+#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
+    (void)HOST_l2c(c->Nh, p);
+    (void)HOST_l2c(c->Nl, p);
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+    (void)HOST_l2c(c->Nl, p);
+    (void)HOST_l2c(c->Nh, p);
+#endif
+    p -= HASH_CBLOCK;
+    HASH_BLOCK_DATA_ORDER(c, p, 1);
+    c->num = 0;
+    memset(p, 0, HASH_CBLOCK);
+
+#ifndef HASH_MAKE_STRING
+# error "HASH_MAKE_STRING must be defined!"
+#else
+    HASH_MAKE_STRING(c, md);
+#endif
+
+    return 1;
+}
+
+#ifndef MD32_REG_T
+# if defined(__alpha) || defined(__sparcv9) || defined(__mips)
+#  define MD32_REG_T long
+/*
+ * This comment was originaly written for MD5, which is why it
+ * discusses A-D. But it basically applies to all 32-bit digests,
+ * which is why it was moved to common header file.
+ *
+ * In case you wonder why A-D are declared as long and not
+ * as MD5_LONG. Doing so results in slight performance
+ * boost on LP64 architectures. The catch is we don't
+ * really care if 32 MSBs of a 64-bit register get polluted
+ * with eventual overflows as we *save* only 32 LSBs in
+ * *either* case. Now declaring 'em long excuses the compiler
+ * from keeping 32 MSBs zeroed resulting in 13% performance
+ * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+ * Well, to be honest it should say that this *prevents*
+ * performance degradation.
+ *                              <appro@fy.chalmers.se>
+ */
+# else
+/*
+ * Above is not absolute and there are LP64 compilers that
+ * generate better code if MD32_REG_T is defined int. The above
+ * pre-processor condition reflects the circumstances under which
+ * the conclusion was made and is subject to further extension.
+ *                              <appro@fy.chalmers.se>
+ */
+#  define MD32_REG_T int
+# endif
+#endif
diff --git a/src/util/sha2.h b/src/util/sha2.h
new file mode 100644
index 0000000000000000000000000000000000000000..6ac045febe5894136b61c15b7771d207d81f0f64
--- /dev/null
+++ b/src/util/sha2.h
@@ -0,0 +1,154 @@
+/* crypto/sha/sha.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_SHA_H
+# define HEADER_SHA_H
+
+# include <stddef.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
+#  error SHA is disabled.
+# endif
+
+# if defined(OPENSSL_FIPS)
+#  define FIPS_SHA_SIZE_T size_t
+# endif
+
+/*
+	Compat stuff from OpenSSL land
+ */
+
+/* crypto.h */
+
+# define fips_md_init(alg) fips_md_init_ctx(alg, alg)
+
+# define fips_md_init_ctx(alg, cx) \
+        int alg##_Init(cx##_CTX *c)
+# define fips_cipher_abort(alg) while(0)
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! SHA_LONG_LOG2 has to be defined along.                        !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+# if defined(__LP32__)
+#  define SHA_LONG unsigned long
+# elif defined(__ILP64__)
+#  define SHA_LONG unsigned long
+#  define SHA_LONG_LOG2 3
+# else
+#  define SHA_LONG unsigned int
+# endif
+
+# define SHA_LBLOCK      16
+# define SHA_CBLOCK      (SHA_LBLOCK*4)/* SHA treats input data as a
+                                        * contiguous array of 32 bit wide
+                                        * big-endian values. */
+# define SHA_LAST_BLOCK  (SHA_CBLOCK-8)
+# define SHA_DIGEST_LENGTH 20
+
+typedef struct SHAstate_st {
+    SHA_LONG h0, h1, h2, h3, h4;
+    SHA_LONG Nl, Nh;
+    SHA_LONG data[SHA_LBLOCK];
+    unsigned int num;
+} SHA_CTX;
+
+# define SHA256_CBLOCK   (SHA_LBLOCK*4)/* SHA-256 treats input data as a
+                                        * contiguous array of 32 bit wide
+                                        * big-endian values. */
+# define SHA224_DIGEST_LENGTH    28
+# define SHA256_DIGEST_LENGTH    32
+
+typedef struct SHA256state_st {
+    SHA_LONG h[8];
+    SHA_LONG Nl, Nh;
+    SHA_LONG data[SHA_LBLOCK];
+    unsigned int num, md_len;
+} SHA256_CTX;
+
+# ifndef OPENSSL_NO_SHA256
+#  ifdef OPENSSL_FIPS
+int private_SHA224_Init(SHA256_CTX *c);
+int private_SHA256_Init(SHA256_CTX *c);
+#  endif
+int SHA224_Init(SHA256_CTX *c);
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
+int SHA256_Init(SHA256_CTX *c);
+int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
+void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
+# endif
+
+# define SHA384_DIGEST_LENGTH    48
+# define SHA512_DIGEST_LENGTH    64
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/util/sha256.c b/src/util/sha256.c
new file mode 100644
index 0000000000000000000000000000000000000000..311aac4a8aec1a2733ca47cd728c2cebbac9ac1a
--- /dev/null
+++ b/src/util/sha256.c
@@ -0,0 +1,404 @@
+/* crypto/sha/sha256.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved
+ * according to the OpenSSL license [found in ../../LICENSE].
+ * ====================================================================
+ */
+# include <stdlib.h>
+# include <string.h>
+
+# include <util/sha2.h>
+
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2a 19 Mar 2015"
+# define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
+
+const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT;
+
+/* mem_clr.c */
+unsigned char cleanse_ctr = 0;
+void OPENSSL_cleanse(void *ptr, size_t len)
+{
+    unsigned char *p = ptr;
+    size_t loop = len, ctr = cleanse_ctr;
+    while (loop--) {
+        *(p++) = (unsigned char)ctr;
+        ctr += (17 + ((size_t)p & 0xF));
+    }
+    p = memchr(ptr, (unsigned char)ctr, len);
+    if (p)
+        ctr += (63 + (size_t)p);
+    cleanse_ctr = (unsigned char)ctr;
+}
+
+# define fips_md_init(alg) fips_md_init_ctx(alg, alg)
+#  define fips_md_init_ctx(alg, cx) \
+        int alg##_Init(cx##_CTX *c)
+#  define fips_cipher_abort(alg) while(0)
+
+fips_md_init_ctx(SHA224, SHA256)
+{
+    memset(c, 0, sizeof(*c));
+    c->h[0] = 0xc1059ed8UL;
+    c->h[1] = 0x367cd507UL;
+    c->h[2] = 0x3070dd17UL;
+    c->h[3] = 0xf70e5939UL;
+    c->h[4] = 0xffc00b31UL;
+    c->h[5] = 0x68581511UL;
+    c->h[6] = 0x64f98fa7UL;
+    c->h[7] = 0xbefa4fa4UL;
+    c->md_len = SHA224_DIGEST_LENGTH;
+    return 1;
+}
+
+fips_md_init(SHA256)
+{
+    memset(c, 0, sizeof(*c));
+    c->h[0] = 0x6a09e667UL;
+    c->h[1] = 0xbb67ae85UL;
+    c->h[2] = 0x3c6ef372UL;
+    c->h[3] = 0xa54ff53aUL;
+    c->h[4] = 0x510e527fUL;
+    c->h[5] = 0x9b05688cUL;
+    c->h[6] = 0x1f83d9abUL;
+    c->h[7] = 0x5be0cd19UL;
+    c->md_len = SHA256_DIGEST_LENGTH;
+    return 1;
+}
+
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
+{
+    SHA256_CTX c;
+    static unsigned char m[SHA224_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA224_Init(&c);
+    SHA256_Update(&c, d, n);
+    SHA256_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return (md);
+}
+
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
+{
+    SHA256_CTX c;
+    static unsigned char m[SHA256_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA256_Init(&c);
+    SHA256_Update(&c, d, n);
+    SHA256_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return (md);
+}
+
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
+{
+    return SHA256_Update(c, data, len);
+}
+
+int SHA224_Final(unsigned char *md, SHA256_CTX *c)
+{
+    return SHA256_Final(md, c);
+}
+
+# define DATA_ORDER_IS_BIG_ENDIAN
+
+# define HASH_LONG               SHA_LONG
+# define HASH_CTX                SHA256_CTX
+# define HASH_CBLOCK             SHA_CBLOCK
+/*
+ * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
+ * default: case below covers for it. It's not clear however if it's
+ * permitted to truncate to amount of bytes not divisible by 4. I bet not,
+ * but if it is, then default: case shall be extended. For reference.
+ * Idea behind separate cases for pre-defined lenghts is to let the
+ * compiler decide if it's appropriate to unroll small loops.
+ */
+# define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        unsigned int  nn;               \
+        switch ((c)->md_len)            \
+        {   case SHA224_DIGEST_LENGTH:  \
+                for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++)       \
+                {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
+                break;                  \
+            case SHA256_DIGEST_LENGTH:  \
+                for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++)       \
+                {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
+                break;                  \
+            default:                    \
+                if ((c)->md_len > SHA256_DIGEST_LENGTH) \
+                    return 0;                           \
+                for (nn=0;nn<(c)->md_len/4;nn++)                \
+                {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
+                break;                  \
+        }                               \
+        } while (0)
+
+# define HASH_UPDATE             SHA256_Update
+# define HASH_TRANSFORM          SHA256_Transform
+# define HASH_FINAL              SHA256_Final
+# define HASH_BLOCK_DATA_ORDER   sha256_block_data_order
+# ifndef SHA256_ASM
+static
+# endif
+void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num);
+
+# include "md32_common.h"
+
+# ifndef SHA256_ASM
+static const SHA_LONG K256[64] = {
+    0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
+    0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
+    0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
+    0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
+    0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
+    0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
+    0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
+    0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
+    0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
+    0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
+    0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
+    0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
+    0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
+    0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
+    0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
+    0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
+};
+
+/*
+ * FIPS specification refers to right rotations, while our ROTATE macro
+ * is left one. This is why you might notice that rotation coefficients
+ * differ from those observed in FIPS document by 32-N...
+ */
+#  define Sigma0(x)       (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
+#  define Sigma1(x)       (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
+#  define sigma0(x)       (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
+#  define sigma1(x)       (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
+
+#  define Ch(x,y,z)       (((x) & (y)) ^ ((~(x)) & (z)))
+#  define Maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#  ifdef OPENSSL_SMALL_FOOTPRINT
+
+static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1, T2;
+    SHA_LONG X[16], l;
+    int i;
+    const unsigned char *data = in;
+
+    while (num--) {
+
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
+
+        for (i = 0; i < 16; i++) {
+            HOST_c2l(data, l);
+            T1 = X[i] = l;
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        for (; i < 64; i++) {
+            s0 = X[(i + 1) & 0x0f];
+            s0 = sigma0(s0);
+            s1 = X[(i + 14) & 0x0f];
+            s1 = sigma1(s1);
+
+            T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf];
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+    }
+}
+
+#  else
+
+#   define ROUND_00_15(i,a,b,c,d,e,f,g,h)          do {    \
+        T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];      \
+        h = Sigma0(a) + Maj(a,b,c);                     \
+        d += T1;        h += T1;                } while (0)
+
+#   define ROUND_16_63(i,a,b,c,d,e,f,g,h,X)        do {    \
+        s0 = X[(i+1)&0x0f];     s0 = sigma0(s0);        \
+        s1 = X[(i+14)&0x0f];    s1 = sigma1(s1);        \
+        T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];    \
+        ROUND_00_15(i,a,b,c,d,e,f,g,h);         } while (0)
+
+static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1;
+    SHA_LONG X[16];
+    int i;
+    const unsigned char *data = in;
+    const union {
+        long one;
+        char little;
+    } is_endian = {
+        1
+    };
+
+    while (num--) {
+
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
+
+        if (!is_endian.little && sizeof(SHA_LONG) == 4
+            && ((size_t)in % 4) == 0) {
+            const SHA_LONG *W = (const SHA_LONG *)data;
+
+            T1 = X[0] = W[0];
+            ROUND_00_15(0, a, b, c, d, e, f, g, h);
+            T1 = X[1] = W[1];
+            ROUND_00_15(1, h, a, b, c, d, e, f, g);
+            T1 = X[2] = W[2];
+            ROUND_00_15(2, g, h, a, b, c, d, e, f);
+            T1 = X[3] = W[3];
+            ROUND_00_15(3, f, g, h, a, b, c, d, e);
+            T1 = X[4] = W[4];
+            ROUND_00_15(4, e, f, g, h, a, b, c, d);
+            T1 = X[5] = W[5];
+            ROUND_00_15(5, d, e, f, g, h, a, b, c);
+            T1 = X[6] = W[6];
+            ROUND_00_15(6, c, d, e, f, g, h, a, b);
+            T1 = X[7] = W[7];
+            ROUND_00_15(7, b, c, d, e, f, g, h, a);
+            T1 = X[8] = W[8];
+            ROUND_00_15(8, a, b, c, d, e, f, g, h);
+            T1 = X[9] = W[9];
+            ROUND_00_15(9, h, a, b, c, d, e, f, g);
+            T1 = X[10] = W[10];
+            ROUND_00_15(10, g, h, a, b, c, d, e, f);
+            T1 = X[11] = W[11];
+            ROUND_00_15(11, f, g, h, a, b, c, d, e);
+            T1 = X[12] = W[12];
+            ROUND_00_15(12, e, f, g, h, a, b, c, d);
+            T1 = X[13] = W[13];
+            ROUND_00_15(13, d, e, f, g, h, a, b, c);
+            T1 = X[14] = W[14];
+            ROUND_00_15(14, c, d, e, f, g, h, a, b);
+            T1 = X[15] = W[15];
+            ROUND_00_15(15, b, c, d, e, f, g, h, a);
+
+            data += SHA256_CBLOCK;
+        } else {
+            SHA_LONG l;
+
+            HOST_c2l(data, l);
+            T1 = X[0] = l;
+            ROUND_00_15(0, a, b, c, d, e, f, g, h);
+            HOST_c2l(data, l);
+            T1 = X[1] = l;
+            ROUND_00_15(1, h, a, b, c, d, e, f, g);
+            HOST_c2l(data, l);
+            T1 = X[2] = l;
+            ROUND_00_15(2, g, h, a, b, c, d, e, f);
+            HOST_c2l(data, l);
+            T1 = X[3] = l;
+            ROUND_00_15(3, f, g, h, a, b, c, d, e);
+            HOST_c2l(data, l);
+            T1 = X[4] = l;
+            ROUND_00_15(4, e, f, g, h, a, b, c, d);
+            HOST_c2l(data, l);
+            T1 = X[5] = l;
+            ROUND_00_15(5, d, e, f, g, h, a, b, c);
+            HOST_c2l(data, l);
+            T1 = X[6] = l;
+            ROUND_00_15(6, c, d, e, f, g, h, a, b);
+            HOST_c2l(data, l);
+            T1 = X[7] = l;
+            ROUND_00_15(7, b, c, d, e, f, g, h, a);
+            HOST_c2l(data, l);
+            T1 = X[8] = l;
+            ROUND_00_15(8, a, b, c, d, e, f, g, h);
+            HOST_c2l(data, l);
+            T1 = X[9] = l;
+            ROUND_00_15(9, h, a, b, c, d, e, f, g);
+            HOST_c2l(data, l);
+            T1 = X[10] = l;
+            ROUND_00_15(10, g, h, a, b, c, d, e, f);
+            HOST_c2l(data, l);
+            T1 = X[11] = l;
+            ROUND_00_15(11, f, g, h, a, b, c, d, e);
+            HOST_c2l(data, l);
+            T1 = X[12] = l;
+            ROUND_00_15(12, e, f, g, h, a, b, c, d);
+            HOST_c2l(data, l);
+            T1 = X[13] = l;
+            ROUND_00_15(13, d, e, f, g, h, a, b, c);
+            HOST_c2l(data, l);
+            T1 = X[14] = l;
+            ROUND_00_15(14, c, d, e, f, g, h, a, b);
+            HOST_c2l(data, l);
+            T1 = X[15] = l;
+            ROUND_00_15(15, b, c, d, e, f, g, h, a);
+        }
+
+        for (i = 16; i < 64; i += 8) {
+            ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X);
+            ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X);
+            ROUND_16_63(i + 2, g, h, a, b, c, d, e, f, X);
+            ROUND_16_63(i + 3, f, g, h, a, b, c, d, e, X);
+            ROUND_16_63(i + 4, e, f, g, h, a, b, c, d, X);
+            ROUND_16_63(i + 5, d, e, f, g, h, a, b, c, X);
+            ROUND_16_63(i + 6, c, d, e, f, g, h, a, b, X);
+            ROUND_16_63(i + 7, b, c, d, e, f, g, h, a, X);
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+    }
+}
+
+#  endif
+# endif                         /* SHA256_ASM */
diff --git a/src/util/srp.cpp b/src/util/srp.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..cc8bac6bb75b50b8b0445798c7d7837ee01a87cb
--- /dev/null
+++ b/src/util/srp.cpp
@@ -0,0 +1,1029 @@
+/*
+ * Secure Remote Password 6a implementation
+ * https://github.com/est31/csrp-gmp
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2010, 2013 Tom Cocagne, 2015 est31 <MTest31@outlook.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is furnished to do
+ * so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ */
+
+#ifdef WIN32
+	#include <windows.h>
+	#include <wincrypt.h>
+#else
+	#include <time.h>
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+#include <config.h>
+
+#if USE_SYSTEM_GMP || defined (__ANDROID__) || defined (ANDROID)
+	#include <gmp.h>
+#else
+	#include <gmp/mini-gmp.h>
+#endif
+
+#include <util/sha2.h>
+
+#include "srp.h"
+//#define CSRP_USE_SHA1
+#define CSRP_USE_SHA256
+
+#define srp_dbg_data(data, datalen, prevtext) ;
+/*void srp_dbg_data(unsigned char * data, size_t datalen, char * prevtext)
+{
+	printf(prevtext);
+	size_t i;
+	for (i = 0; i < datalen; i++)
+	{
+		printf("%02X", data[i]);
+	}
+	printf("\n");
+}*/
+
+static int g_initialized = 0;
+
+#define RAND_BUFF_MAX 128
+static unsigned int g_rand_idx;
+static unsigned char g_rand_buff[RAND_BUFF_MAX];
+
+typedef struct
+{
+	mpz_t N;
+	mpz_t g;
+} NGConstant;
+
+struct NGHex
+{
+	const char* n_hex;
+	const char* g_hex;
+};
+
+/* All constants here were pulled from Appendix A of RFC 5054 */
+static struct NGHex global_Ng_constants[] = {
+	{ /* 1024 */
+	"EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496"
+	"EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8E"
+	"F4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA"
+	"9AFD5138FE8376435B9FC61D2FC0EB06E3",
+	"2"
+	},
+	{ /* 2048 */
+	"AC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4"
+	"A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF60"
+	"95179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF"
+	"747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B907"
+	"8717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB37861"
+	"60279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DB"
+	"FBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73",
+	"2"
+	},
+	{ /* 4096 */
+	"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
+	"8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
+	"302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
+	"A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
+	"49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
+	"FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+	"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
+	"180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
+	"3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
+	"04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
+	"B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
+	"1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+	"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
+	"E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
+	"99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
+	"04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
+	"233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
+	"D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199"
+	"FFFFFFFFFFFFFFFF",
+	"5"
+	},
+	{ /* 8192 */
+	"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
+	"8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
+	"302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
+	"A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
+	"49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
+	"FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+	"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
+	"180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
+	"3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
+	"04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
+	"B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
+	"1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+	"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
+	"E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
+	"99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
+	"04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
+	"233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
+	"D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
+	"36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
+	"AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
+	"DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
+	"2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
+	"F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
+	"BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
+	"CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
+	"B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
+	"387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
+	"6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA"
+	"3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C"
+	"5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
+	"22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC886"
+	"2F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A6"
+	"6D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC5"
+	"0846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268"
+	"359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6"
+	"FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
+	"60C980DD98EDD3DFFFFFFFFFFFFFFFFF",
+	"13"
+	},
+	{0,0} /* null sentinel */
+};
+
+
+static NGConstant *new_ng( SRP_NGType ng_type, const char *n_hex, const char *g_hex )
+{
+	NGConstant *ng = (NGConstant *) malloc(sizeof(NGConstant));
+	mpz_init(ng->N);
+	mpz_init(ng->g);
+
+	if (!ng || !ng->N || !ng->g)
+		return 0;
+
+	if (ng_type != SRP_NG_CUSTOM) {
+		n_hex = global_Ng_constants[ ng_type ].n_hex;
+		g_hex = global_Ng_constants[ ng_type ].g_hex;
+	}
+
+	mpz_set_str(ng->N, n_hex, 16);
+	mpz_set_str(ng->g, g_hex, 16);
+
+	return ng;
+}
+
+static void delete_ng( NGConstant *ng )
+{
+	if (ng) {
+		mpz_clear(ng->N);
+		mpz_clear(ng->g);
+		free(ng);
+	}
+}
+
+
+
+typedef union
+{
+	SHA_CTX    sha;
+	SHA256_CTX sha256;
+	//SHA512_CTX sha512;
+} HashCTX;
+
+
+struct SRPVerifier
+{
+	SRP_HashAlgorithm hash_alg;
+	NGConstant *ng;
+
+	char *username;
+	unsigned char *bytes_B;
+	int authenticated;
+
+	unsigned char M[SHA512_DIGEST_LENGTH];
+	unsigned char H_AMK[SHA512_DIGEST_LENGTH];
+	unsigned char session_key[SHA512_DIGEST_LENGTH];
+};
+
+
+struct SRPUser
+{
+	SRP_HashAlgorithm hash_alg;
+	NGConstant *ng;
+
+	mpz_t a;
+	mpz_t A;
+	mpz_t S;
+
+	unsigned char *bytes_A;
+	int authenticated;
+
+	char *username;
+	char *username_verifier;
+	unsigned char *password;
+	size_t password_len;
+
+	unsigned char M[SHA512_DIGEST_LENGTH];
+	unsigned char H_AMK[SHA512_DIGEST_LENGTH];
+	unsigned char session_key[SHA512_DIGEST_LENGTH];
+};
+
+
+static int hash_init(SRP_HashAlgorithm alg, HashCTX *c)
+{
+	switch (alg) {
+#ifdef CSRP_USE_SHA1
+		case SRP_SHA1: return SHA1_Init(&c->sha);
+#endif
+		/*case SRP_SHA224: return SHA224_Init(&c->sha256);*/
+#ifdef CSRP_USE_SHA256
+		case SRP_SHA256: return SHA256_Init(&c->sha256);
+#endif
+		/*case SRP_SHA384: return SHA384_Init(&c->sha512);
+		case SRP_SHA512: return SHA512_Init(&c->sha512);*/
+		default: return -1;
+	};
+}
+static int hash_update( SRP_HashAlgorithm alg, HashCTX *c, const void *data, size_t len )
+{
+	switch (alg) {
+#ifdef CSRP_USE_SHA1
+		case SRP_SHA1: return SHA1_Update(&c->sha, data, len);
+#endif
+		/*case SRP_SHA224: return SHA224_Update(&c->sha256, data, len);*/
+#ifdef CSRP_USE_SHA256
+		case SRP_SHA256: return SHA256_Update(&c->sha256, data, len);
+#endif
+		/*case SRP_SHA384: return SHA384_Update( &c->sha512, data, len );
+		case SRP_SHA512: return SHA512_Update( &c->sha512, data, len );*/
+		default: return -1;
+	};
+}
+static int hash_final( SRP_HashAlgorithm alg, HashCTX *c, unsigned char *md )
+{
+	switch (alg) {
+#ifdef CSRP_USE_SHA1
+		case SRP_SHA1: return SHA1_Final(md, &c->sha);
+#endif
+		/*case SRP_SHA224: return SHA224_Final(md, &c->sha256);*/
+#ifdef CSRP_USE_SHA256
+		case SRP_SHA256: return SHA256_Final(md, &c->sha256);
+#endif
+		/*case SRP_SHA384: return SHA384_Final(md, &c->sha512);
+		case SRP_SHA512: return SHA512_Final(md, &c->sha512);*/
+		default: return -1;
+	};
+}
+static unsigned char *hash(SRP_HashAlgorithm alg, const unsigned char *d, size_t n, unsigned char *md)
+{
+	switch (alg) {
+#ifdef CSRP_USE_SHA1
+		case SRP_SHA1: return SHA1(d, n, md);
+#endif
+		/*case SRP_SHA224: return SHA224( d, n, md );*/
+#ifdef CSRP_USE_SHA256
+		case SRP_SHA256: return SHA256(d, n, md);
+#endif
+		/*case SRP_SHA384: return SHA384( d, n, md );
+		case SRP_SHA512: return SHA512( d, n, md );*/
+		default: return 0;
+	};
+}
+static size_t hash_length(SRP_HashAlgorithm alg)
+{
+	switch (alg) {
+#ifdef CSRP_USE_SHA1
+		case SRP_SHA1: return SHA_DIGEST_LENGTH;
+#endif
+		/*case SRP_SHA224: return SHA224_DIGEST_LENGTH;*/
+#ifdef CSRP_USE_SHA256
+		case SRP_SHA256: return SHA256_DIGEST_LENGTH;
+#endif
+		/*case SRP_SHA384: return SHA384_DIGEST_LENGTH;
+		case SRP_SHA512: return SHA512_DIGEST_LENGTH;*/
+		default: return -1;
+	};
+}
+
+inline static int mpz_num_bytes(const mpz_t op)
+{
+	return (mpz_sizeinbase (op, 2) + 7) / 8;
+}
+
+inline static void mpz_to_bin(const mpz_t op, unsigned char *to)
+{
+	mpz_export(to, NULL, 1, 1, 1, 0, op);
+}
+
+inline static void mpz_from_bin(const unsigned char *s, size_t len, mpz_t ret)
+{
+	mpz_import(ret, len, 1, 1, 1, 0, s);
+}
+
+// set op to (op1 * op2) mod d, using tmp for the calculation
+inline static void mpz_mulm(mpz_t op, const mpz_t op1, const mpz_t op2, const mpz_t d, mpz_t tmp)
+{
+	mpz_mul(tmp, op1, op2);
+	mpz_mod(op, tmp, d);
+}
+
+// set op to (op1 + op2) mod d, using tmp for the calculation
+inline static void mpz_addm( mpz_t op, const mpz_t op1, const mpz_t op2, const mpz_t d, mpz_t tmp )
+{
+	mpz_add(tmp, op1, op2);
+	mpz_mod(op, tmp, d);
+}
+
+// set op to (op1 - op2) mod d, using tmp for the calculation
+inline static void mpz_subm(mpz_t op, const mpz_t op1, const mpz_t op2, const mpz_t d, mpz_t tmp)
+{
+	mpz_sub(tmp, op1, op2);
+	mpz_mod(op, tmp, d);
+}
+
+static int H_nn(mpz_t result, SRP_HashAlgorithm alg, const mpz_t N, const mpz_t n1, const mpz_t n2)
+{
+	unsigned char buff[SHA512_DIGEST_LENGTH];
+	size_t len_N = mpz_num_bytes(N);
+	size_t len_n1 = mpz_num_bytes(n1);
+	size_t len_n2 = mpz_num_bytes(n2);
+	size_t nbytes = len_N + len_N;
+	unsigned char *bin = (unsigned char *) malloc(nbytes);
+	if (!bin)
+		return 0;
+	if (len_n1 > len_N || len_n2 > len_N) {
+		free(bin);
+		return 0;
+	}
+	memset(bin, 0, nbytes);
+	mpz_to_bin(n1, bin + (len_N - len_n1));
+	mpz_to_bin(n2, bin + (len_N + len_N - len_n2));
+	hash( alg, bin, nbytes, buff );
+	free(bin);
+	mpz_from_bin(buff, hash_length(alg), result);
+	return 1;
+}
+
+static int H_ns(mpz_t result, SRP_HashAlgorithm alg, const unsigned char *n, size_t len_n, const unsigned char *bytes, size_t len_bytes)
+{
+	unsigned char buff[SHA512_DIGEST_LENGTH];
+	size_t nbytes = len_n + len_bytes;
+	unsigned char *bin = (unsigned char *) malloc(nbytes);
+	if (!bin)
+		return 0;
+	memcpy(bin, n, len_n);
+	memcpy(bin + len_n, bytes, len_bytes);
+	hash(alg, bin, nbytes, buff);
+	free(bin);
+	mpz_from_bin(buff, hash_length(alg), result);
+	return 1;
+}
+
+static int calculate_x(mpz_t result, SRP_HashAlgorithm alg, const unsigned char *salt, size_t salt_len, const char *username, const unsigned char *password, size_t password_len)
+{
+	unsigned char ucp_hash[SHA512_DIGEST_LENGTH];
+	HashCTX ctx;
+	hash_init(alg, &ctx);
+
+	srp_dbg_data((char*) username, strlen(username), "Username for x: ");
+	srp_dbg_data((char*) password, password_len, "Password for x: ");
+	hash_update(alg, &ctx, username, strlen(username));
+	hash_update(alg, &ctx, ":", 1);
+	hash_update(alg, &ctx, password, password_len);
+
+	hash_final(alg, &ctx, ucp_hash);
+
+	return H_ns(result, alg, salt, salt_len, ucp_hash, hash_length(alg));
+}
+
+static void update_hash_n(SRP_HashAlgorithm alg, HashCTX *ctx, const mpz_t n)
+{
+	size_t len = mpz_num_bytes(n);
+	unsigned char* n_bytes = (unsigned char *) malloc(len);
+	if (!n_bytes)
+		return;
+	mpz_to_bin(n, n_bytes);
+	hash_update(alg, ctx, n_bytes, len);
+	free(n_bytes);
+}
+
+static void hash_num( SRP_HashAlgorithm alg, const mpz_t n, unsigned char *dest )
+{
+	int nbytes = mpz_num_bytes(n);
+	unsigned char *bin = (unsigned char *) malloc(nbytes);
+	if(!bin)
+		return;
+	mpz_to_bin(n, bin);
+	hash(alg, bin, nbytes, dest);
+	free(bin);
+}
+
+static void calculate_M(SRP_HashAlgorithm alg, NGConstant *ng, unsigned char *dest,
+	const char *I, const unsigned char *s_bytes, size_t s_len,
+	const mpz_t A, const mpz_t B, const unsigned char *K)
+{
+	unsigned char H_N[SHA512_DIGEST_LENGTH];
+	unsigned char H_g[SHA512_DIGEST_LENGTH];
+	unsigned char H_I[SHA512_DIGEST_LENGTH];
+	unsigned char H_xor[SHA512_DIGEST_LENGTH];
+	HashCTX ctx;
+	size_t i = 0;
+	size_t hash_len = hash_length(alg);
+
+	hash_num(alg, ng->N, H_N);
+	hash_num(alg, ng->g, H_g);
+
+	hash(alg, (const unsigned char *)I, strlen(I), H_I);
+
+
+	for (i = 0; i < hash_len; i++ )
+		H_xor[i] = H_N[i] ^ H_g[i];
+
+	hash_init(alg, &ctx);
+
+	hash_update(alg, &ctx, H_xor, hash_len);
+	hash_update(alg, &ctx, H_I, hash_len);
+	hash_update(alg, &ctx, s_bytes, s_len);
+	update_hash_n(alg, &ctx, A);
+	update_hash_n(alg, &ctx, B);
+	hash_update(alg, &ctx, K, hash_len);
+
+	hash_final(alg, &ctx, dest);
+}
+
+static void calculate_H_AMK(SRP_HashAlgorithm alg, unsigned char *dest, const mpz_t A, const unsigned char *M, const unsigned char *K)
+{
+	HashCTX ctx;
+
+	hash_init(alg, &ctx);
+
+	update_hash_n(alg, &ctx, A);
+	hash_update(alg, &ctx, M, hash_length(alg));
+	hash_update(alg, &ctx, K, hash_length(alg));
+
+	hash_final(alg, &ctx, dest);
+}
+
+
+struct srp_pcgrandom {
+	unsigned long long int m_state;
+	unsigned long long int m_inc;
+}; typedef struct srp_pcgrandom srp_pcgrandom;
+
+static unsigned long int srp_pcgrandom_next(srp_pcgrandom *r)
+{
+	unsigned long long int oldstate = r->m_state;
+	r->m_state = oldstate * 6364136223846793005ULL + r->m_inc;
+
+	unsigned long int xorshifted = ((oldstate >> 18u) ^ oldstate) >> 27u;
+	unsigned long int rot = oldstate >> 59u;
+	return (xorshifted >> rot) | (xorshifted << ((-rot) & 31));
+}
+
+static void srp_pcgrandom_seed(srp_pcgrandom *r, unsigned long long int state,
+	unsigned long long int  seq)
+{
+	r->m_state = 0U;
+	r->m_inc = (seq << 1u) | 1u;
+	srp_pcgrandom_next(r);
+	r->m_state += state;
+	srp_pcgrandom_next(r);
+}
+
+
+static int fill_buff()
+{
+	g_rand_idx = 0;
+
+#ifdef WIN32
+	HCRYPTPROV wctx;
+#else
+	FILE *fp = 0;
+#endif
+
+#ifdef WIN32
+
+	CryptAcquireContext(&wctx, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
+	CryptGenRandom(wctx, sizeof(g_rand_buff), (BYTE*) g_rand_buff);
+	CryptReleaseContext(wctx, 0);
+
+	return 1;
+
+#else
+	fp = fopen("/dev/urandom", "r");
+
+	if (fp) {
+		fread(g_rand_buff, sizeof(g_rand_buff), 1, fp);
+		fclose(fp);
+	} else {
+		srp_pcgrandom *r = (srp_pcgrandom *) malloc(sizeof(srp_pcgrandom));
+		srp_pcgrandom_seed(r, time(NULL) ^ clock(), 0xda3e39cb94b95bdbULL);
+		size_t i = 0;
+		for (i = 0; i < RAND_BUFF_MAX; i++) {
+			g_rand_buff[i] = srp_pcgrandom_next(r);
+		}
+	}
+#endif
+	return 1;
+}
+
+static void mpz_fill_random(mpz_t num)
+{
+	// was call: BN_rand(num, 256, -1, 0);
+	if (RAND_BUFF_MAX - g_rand_idx < 32)
+		fill_buff();
+	mpz_from_bin((const unsigned char *) (&g_rand_buff[g_rand_idx]), 32, num);
+	g_rand_idx += 32;
+}
+
+static void init_random()
+{
+	if (g_initialized)
+		return;
+	g_initialized = fill_buff();
+}
+
+#define srp_dbg_num(num, text) ;
+/*void srp_dbg_num(mpz_t num, char * prevtext)
+{
+	int len_num = mpz_num_bytes(num);
+	char *bytes_num = (char*) malloc(len_num);
+	mpz_to_bin(num, (unsigned char *) bytes_num);
+	srp_dbg_data(bytes_num, len_num, prevtext);
+	free(bytes_num);
+
+}*/
+
+/***********************************************************************************************************
+ *
+ *  Exported Functions
+ *
+ ***********************************************************************************************************/
+
+void srp_create_salted_verification_key( SRP_HashAlgorithm alg,
+	SRP_NGType ng_type, const char *username_for_verifier,
+	const unsigned char *password, size_t len_password,
+	unsigned char **bytes_s,  size_t *len_s,
+	unsigned char **bytes_v, size_t *len_v,
+	const char *n_hex, const char *g_hex )
+{
+	mpz_t v; mpz_init(v);
+	mpz_t x; mpz_init(x);
+	NGConstant *ng = new_ng(ng_type, n_hex, g_hex);
+
+	if(!ng)
+		goto cleanup_and_exit;
+
+	if (*bytes_s == NULL) {
+		*len_s = 16;
+		if (RAND_BUFF_MAX - g_rand_idx < 16)
+			fill_buff();
+		*bytes_s = (unsigned char*)malloc(sizeof(char) * 16);
+		memcpy(*bytes_s, &g_rand_buff + g_rand_idx, sizeof(char) * 16);
+		g_rand_idx += 16;
+	}
+
+
+	if (!calculate_x(x, alg, *bytes_s, *len_s, username_for_verifier,
+			password, len_password))
+		goto cleanup_and_exit;
+
+	srp_dbg_num(x, "Server calculated x: ");
+
+	mpz_powm(v, ng->g, x, ng->N);
+
+	*len_v = mpz_num_bytes(v);
+
+	*bytes_v = (unsigned char*)malloc(*len_v);
+
+	if (!bytes_v)
+		goto cleanup_and_exit;
+
+	mpz_to_bin(v, *bytes_v);
+
+cleanup_and_exit:
+	delete_ng( ng );
+	mpz_clear(v);
+	mpz_clear(x);
+}
+
+
+
+/* Out: bytes_B, len_B.
+ *
+ * On failure, bytes_B will be set to NULL and len_B will be set to 0
+ */
+struct SRPVerifier *srp_verifier_new(SRP_HashAlgorithm alg,
+	SRP_NGType ng_type, const char *username,
+	const unsigned char *bytes_s, size_t len_s,
+	const unsigned char *bytes_v, size_t len_v,
+	const unsigned char *bytes_A, size_t len_A,
+	const unsigned char *bytes_b, size_t len_b,
+	unsigned char **bytes_B, size_t *len_B,
+	const char *n_hex, const char *g_hex )
+{
+	mpz_t v; mpz_init(v); mpz_from_bin(bytes_v, len_v, v);
+	mpz_t A; mpz_init(A); mpz_from_bin(bytes_A, len_A, A);
+	mpz_t u; mpz_init(u);
+	mpz_t B; mpz_init(B);
+	mpz_t S; mpz_init(S);
+	mpz_t b; mpz_init(b);
+	mpz_t k; mpz_init(k);
+	mpz_t tmp1; mpz_init(tmp1);
+	mpz_t tmp2; mpz_init(tmp2);
+	mpz_t tmp3; mpz_init(tmp3);
+	size_t ulen = strlen(username) + 1;
+	NGConstant *ng = new_ng(ng_type, n_hex, g_hex);
+	struct SRPVerifier *ver = 0;
+
+	*len_B = 0;
+	*bytes_B = 0;
+
+	if (!ng)
+		goto cleanup_and_exit;
+
+	ver = (struct SRPVerifier *) malloc( sizeof(struct SRPVerifier) );
+
+	if (!ver)
+		goto cleanup_and_exit;
+
+	init_random(); /* Only happens once */
+
+	ver->username = (char *) malloc(ulen);
+	ver->hash_alg = alg;
+	ver->ng = ng;
+
+	if (!ver->username) {
+		free(ver);
+		ver = 0;
+		goto cleanup_and_exit;
+	}
+
+	memcpy((char*)ver->username, username, ulen);
+
+	ver->authenticated = 0;
+
+	/* SRP-6a safety check */
+	mpz_mod(tmp1, A, ng->N);
+	if (mpz_sgn(tmp1) != 0) {
+		if (bytes_b) {
+			mpz_from_bin(bytes_b, len_b, b);
+		} else {
+			mpz_fill_random(b);
+		}
+
+		if (!H_nn(k, alg, ng->N, ng->N, ng->g)) {
+			free(ver);
+			ver = 0;
+			goto cleanup_and_exit;
+		}
+
+		/* B = kv + g^b */
+		mpz_mulm(tmp1, k, v, ng->N, tmp3);
+		mpz_powm(tmp2, ng->g, b, ng->N);
+		mpz_addm(B, tmp1, tmp2, ng->N, tmp3);
+
+		if (!H_nn(u, alg, ng->N, A, B)) {
+			free(ver);
+			ver = 0;
+			goto cleanup_and_exit;
+		}
+
+		srp_dbg_num(u, "Server calculated u: ");
+
+		/* S = (A *(v^u)) ^ b */
+		mpz_powm(tmp1, v, u, ng->N);
+		mpz_mulm(tmp2, A, tmp1, ng->N, tmp3);
+		mpz_powm(S, tmp2, b, ng->N);
+
+		hash_num(alg, S, ver->session_key);
+
+		calculate_M(alg, ng, ver->M, username, bytes_s, len_s, A, B, ver->session_key);
+		calculate_H_AMK(alg, ver->H_AMK, A, ver->M, ver->session_key);
+
+		*len_B = mpz_num_bytes(B);
+		*bytes_B = (unsigned char*)malloc(*len_B);
+
+		if (!*bytes_B) {
+			free(ver->username);
+			free(ver);
+			ver = 0;
+			*len_B = 0;
+			goto cleanup_and_exit;
+		}
+
+		mpz_to_bin(B, *bytes_B);
+
+		ver->bytes_B = *bytes_B;
+	} else {
+		free(ver);
+		ver = 0;
+	}
+
+cleanup_and_exit:
+	mpz_clear(v);
+	mpz_clear(A);
+	mpz_clear(u);
+	mpz_clear(k);
+	mpz_clear(B);
+	mpz_clear(S);
+	mpz_clear(b);
+	mpz_clear(tmp1);
+	mpz_clear(tmp2);
+	mpz_clear(tmp3);
+	return ver;
+}
+
+
+
+
+void srp_verifier_delete(struct SRPVerifier *ver)
+{
+	if (ver) {
+		delete_ng(ver->ng);
+		free(ver->username);
+		free(ver->bytes_B);
+		memset(ver, 0, sizeof(*ver));
+		free(ver);
+	}
+}
+
+
+
+int srp_verifier_is_authenticated(struct SRPVerifier *ver)
+{
+	return ver->authenticated;
+}
+
+
+const char *srp_verifier_get_username(struct SRPVerifier *ver)
+{
+	return ver->username;
+}
+
+
+const unsigned char *srp_verifier_get_session_key(struct SRPVerifier *ver, size_t *key_length)
+{
+	if (key_length)
+		*key_length = hash_length(ver->hash_alg);
+	return ver->session_key;
+}
+
+
+size_t srp_verifier_get_session_key_length(struct SRPVerifier *ver)
+{
+	return hash_length(ver->hash_alg);
+}
+
+
+/* user_M must be exactly SHA512_DIGEST_LENGTH bytes in size */
+void srp_verifier_verify_session(struct SRPVerifier *ver, const unsigned char *user_M, unsigned char **bytes_HAMK)
+{
+	if (memcmp(ver->M, user_M, hash_length(ver->hash_alg)) == 0) {
+		ver->authenticated = 1;
+		*bytes_HAMK = ver->H_AMK;
+	} else
+		*bytes_HAMK = NULL;
+}
+
+/*******************************************************************************/
+
+struct SRPUser *srp_user_new(SRP_HashAlgorithm alg, SRP_NGType ng_type,
+	const char *username, const char *username_for_verifier,
+	const unsigned char *bytes_password, size_t len_password,
+	const char *n_hex, const char *g_hex)
+{
+	struct SRPUser *usr = (struct SRPUser *) malloc(sizeof(struct SRPUser));
+	size_t ulen  = strlen(username) + 1;
+	size_t uvlen = strlen(username_for_verifier) + 1;
+
+	if (!usr)
+		goto err_exit;
+
+	init_random(); /* Only happens once */
+
+	usr->hash_alg = alg;
+	usr->ng = new_ng(ng_type, n_hex, g_hex);
+
+	mpz_init(usr->a);
+	mpz_init(usr->A);
+	mpz_init(usr->S);
+
+	if (!usr->ng || !usr->a || !usr->A || !usr->S)
+		goto err_exit;
+
+	usr->username = (char*)malloc(ulen);
+	usr->username_verifier = (char*)malloc(uvlen);
+	usr->password = (unsigned char*)malloc(len_password);
+	usr->password_len = len_password;
+
+	if (!usr->username || !usr->password)
+		goto err_exit;
+
+	memcpy(usr->username, username, ulen);
+	memcpy(usr->username_verifier, username_for_verifier, uvlen);
+	memcpy(usr->password, bytes_password, len_password);
+
+	usr->authenticated = 0;
+
+	usr->bytes_A = 0;
+
+	return usr;
+
+err_exit:
+	if (usr) {
+		mpz_clear(usr->a);
+		mpz_clear(usr->A);
+		mpz_clear(usr->S);
+		if (usr->username)
+			free(usr->username);
+		if (usr->username_verifier)
+			free(usr->username_verifier);
+		if (usr->password) {
+			memset(usr->password, 0, usr->password_len);
+			free(usr->password);
+		}
+		free(usr);
+	}
+
+	return 0;
+}
+
+
+
+void srp_user_delete(struct SRPUser *usr)
+{
+	if(usr) {
+		mpz_clear(usr->a);
+		mpz_clear(usr->A);
+		mpz_clear(usr->S);
+
+		delete_ng(usr->ng);
+
+		memset(usr->password, 0, usr->password_len);
+
+		free(usr->username);
+		free(usr->username_verifier);
+		free(usr->password);
+
+		if (usr->bytes_A)
+			free(usr->bytes_A);
+
+		memset(usr, 0, sizeof(*usr));
+		free(usr);
+	}
+}
+
+
+
+int srp_user_is_authenticated(struct SRPUser *usr)
+{
+	return usr->authenticated;
+}
+
+
+const char *srp_user_get_username(struct SRPUser *usr)
+{
+	return usr->username;
+}
+
+
+const unsigned char* srp_user_get_session_key(struct SRPUser* usr, size_t* key_length)
+{
+	if (key_length)
+		*key_length = hash_length(usr->hash_alg);
+	return usr->session_key;
+}
+
+
+size_t srp_user_get_session_key_length(struct SRPUser *usr)
+{
+	return hash_length(usr->hash_alg);
+}
+
+
+/* Output: username, bytes_A, len_A */
+void srp_user_start_authentication(struct SRPUser *usr, char **username,
+	const unsigned char *bytes_a, size_t len_a,
+	unsigned char **bytes_A, size_t *len_A)
+{
+	if (bytes_a) {
+		mpz_from_bin(bytes_a, len_a, usr->a);
+	} else {
+		mpz_fill_random(usr->a);
+	}
+
+	mpz_powm(usr->A, usr->ng->g, usr->a, usr->ng->N);
+
+	*len_A = mpz_num_bytes(usr->A);
+	*bytes_A = (unsigned char*)malloc(*len_A);
+
+	if (!*bytes_A) {
+		*len_A = 0;
+		*bytes_A = 0;
+		*username = 0;
+		return;
+	}
+
+	mpz_to_bin(usr->A, *bytes_A);
+
+	usr->bytes_A = *bytes_A;
+	if (username)
+		*username = usr->username;
+}
+
+
+/* Output: bytes_M. Buffer length is SHA512_DIGEST_LENGTH */
+void  srp_user_process_challenge(struct SRPUser *usr,
+	const unsigned char *bytes_s, size_t len_s,
+	const unsigned char *bytes_B, size_t len_B,
+	unsigned char **bytes_M, size_t *len_M)
+{
+	mpz_t B; mpz_init(B); mpz_from_bin(bytes_B, len_B, B);
+	mpz_t u; mpz_init(u);
+	mpz_t x; mpz_init(x);
+	mpz_t k; mpz_init(k);
+	mpz_t v; mpz_init(v);
+	mpz_t tmp1; mpz_init(tmp1);
+	mpz_t tmp2; mpz_init(tmp2);
+	mpz_t tmp3; mpz_init(tmp3);
+	mpz_t tmp4; mpz_init(tmp4);
+
+	*len_M = 0;
+	*bytes_M = 0;
+
+	if (!H_nn(u, usr->hash_alg, usr->ng->N, usr->A, B))
+		goto cleanup_and_exit;
+
+	srp_dbg_num(u, "Client calculated u: ");
+
+	if (!calculate_x(x, usr->hash_alg, bytes_s, len_s,
+			usr->username_verifier, usr->password, usr->password_len))
+		goto cleanup_and_exit;
+
+	srp_dbg_num(x, "Client calculated x: ");
+
+	if (!H_nn(k, usr->hash_alg, usr->ng->N, usr->ng->N, usr->ng->g))
+		goto cleanup_and_exit;
+
+	/* SRP-6a safety check */
+	if ( mpz_sgn(B) != 0 && mpz_sgn(u) != 0 ) {
+		mpz_powm(v, usr->ng->g, x, usr->ng->N);
+
+		srp_dbg_num(v, "Client calculated v: ");
+
+		/* S = (B - k*(g^x)) ^ (a + ux) */
+		mpz_mul(tmp1, u, x);
+		mpz_add(tmp2, usr->a, tmp1);               /* tmp2 = (a + ux)      */
+		mpz_powm(tmp1, usr->ng->g, x, usr->ng->N); /* tmp1 = g^x           */
+		mpz_mulm(tmp3, k, tmp1, usr->ng->N, tmp4); /* tmp3 = k*(g^x)       */
+		mpz_subm(tmp1, B, tmp3, usr->ng->N, tmp4); /* tmp1 = (B - K*(g^x)) */
+		mpz_powm(usr->S, tmp1, tmp2, usr->ng->N);
+
+		hash_num(usr->hash_alg, usr->S, usr->session_key);
+
+		calculate_M( usr->hash_alg, usr->ng, usr->M, usr->username, bytes_s, len_s, usr->A,B, usr->session_key );
+		calculate_H_AMK( usr->hash_alg, usr->H_AMK, usr->A, usr->M, usr->session_key );
+
+		*bytes_M = usr->M;
+		if (len_M)
+			*len_M = hash_length( usr->hash_alg );
+	} else {
+		*bytes_M = NULL;
+		if (len_M)
+			*len_M   = 0;
+	}
+
+cleanup_and_exit:
+
+	mpz_clear(B);
+	mpz_clear(u);
+	mpz_clear(x);
+	mpz_clear(k);
+	mpz_clear(v);
+	mpz_clear(tmp1);
+	mpz_clear(tmp2);
+	mpz_clear(tmp3);
+	mpz_clear(tmp4);
+}
+
+
+void srp_user_verify_session(struct SRPUser *usr, const unsigned char *bytes_HAMK)
+{
+	if (memcmp(usr->H_AMK, bytes_HAMK, hash_length(usr->hash_alg)) == 0)
+		usr->authenticated = 1;
+}
diff --git a/src/util/srp.h b/src/util/srp.h
new file mode 100644
index 0000000000000000000000000000000000000000..15a2b8a6867c39e0611ce5a6d5465f515ca662d8
--- /dev/null
+++ b/src/util/srp.h
@@ -0,0 +1,171 @@
+/*
+ * Secure Remote Password 6a implementation
+ * https://github.com/est31/csrp-gmp
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2010, 2013 Tom Cocagne, 2015 est31 <MTest31@outlook.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is furnished to do
+ * so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ */
+
+/*
+ *
+ * Purpose:       This is a direct implementation of the Secure Remote Password
+ *                Protocol version 6a as described by
+ *                http://srp.stanford.edu/design.html
+ *
+ * Author:        tom.cocagne@gmail.com (Tom Cocagne)
+ *
+ * Dependencies:  LibGMP
+ *
+ * Usage:         Refer to test_srp.c for a demonstration
+ *
+ * Notes:
+ *    This library allows multiple combinations of hashing algorithms and
+ *    prime number constants. For authentication to succeed, the hash and
+ *    prime number constants must match between
+ *    srp_create_salted_verification_key(), srp_user_new(),
+ *    and srp_verifier_new(). A recommended approach is to determine the
+ *    desired level of security for an application and globally define the
+ *    hash and prime number constants to the predetermined values.
+ *
+ *    As one might suspect, more bits means more security. As one might also
+ *    suspect, more bits also means more processing time. The test_srp.c
+ *    program can be easily modified to profile various combinations of
+ *    hash & prime number pairings.
+ */
+
+#ifndef SRP_H
+#define SRP_H
+
+
+struct SRPVerifier;
+struct SRPUser;
+
+typedef enum
+{
+	SRP_NG_1024,
+	SRP_NG_2048,
+	SRP_NG_4096,
+	SRP_NG_8192,
+	SRP_NG_CUSTOM
+} SRP_NGType;
+
+typedef enum
+{
+	/*SRP_SHA1,*/
+	/*SRP_SHA224,*/
+	SRP_SHA256,
+	/*SRP_SHA384,
+	SRP_SHA512*/
+} SRP_HashAlgorithm;
+
+/* Out: bytes_v, len_v
+ *
+ * The caller is responsible for freeing the memory allocated for bytes_v
+ *
+ * The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type.
+ * If provided, they must contain ASCII text of the hexidecimal notation.
+ *
+ * If bytes_s == NULL, it is filled with random data. The caller is responsible for freeing.
+ */
+void srp_create_salted_verification_key( SRP_HashAlgorithm alg,
+	SRP_NGType ng_type, const char *username_for_verifier,
+	const unsigned char *password, size_t len_password,
+	unsigned char **bytes_s,  size_t *len_s,
+	unsigned char **bytes_v, size_t *len_v,
+	const char * n_hex, const char *g_hex );
+
+/* Out: bytes_B, len_B.
+ *
+ * On failure, bytes_B will be set to NULL and len_B will be set to 0
+ *
+ * The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type
+ *
+ * If bytes_b == NULL, random data is used for b.
+ */
+struct SRPVerifier* srp_verifier_new(SRP_HashAlgorithm alg, SRP_NGType ng_type,
+	const char *username,
+	const unsigned char *bytes_s, size_t len_s,
+	const unsigned char *bytes_v, size_t len_v,
+	const unsigned char *bytes_A, size_t len_A,
+	const unsigned char *bytes_b, size_t len_b,
+	unsigned char** bytes_B, size_t *len_B,
+	const char* n_hex, const char* g_hex);
+
+
+void srp_verifier_delete( struct SRPVerifier* ver );
+
+
+int srp_verifier_is_authenticated( struct SRPVerifier* ver );
+
+
+const char * srp_verifier_get_username( struct SRPVerifier* ver );
+
+/* key_length may be null */
+const unsigned char* srp_verifier_get_session_key( struct SRPVerifier* ver,
+	size_t *key_length );
+
+
+size_t srp_verifier_get_session_key_length(struct SRPVerifier* ver);
+
+
+/* user_M must be exactly srp_verifier_get_session_key_length() bytes in size */
+void srp_verifier_verify_session( struct SRPVerifier* ver,
+	const unsigned char* user_M, unsigned char** bytes_HAMK );
+
+/*******************************************************************************/
+
+/* The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type */
+struct SRPUser *srp_user_new(SRP_HashAlgorithm alg, SRP_NGType ng_type,
+	const char *username, const char *username_for_verifier,
+	const unsigned char *bytes_password, size_t len_password,
+	const char *n_hex, const char *g_hex);
+
+void srp_user_delete(struct SRPUser * usr);
+
+int srp_user_is_authenticated(struct SRPUser * usr);
+
+
+const char* srp_user_get_username(struct SRPUser * usr);
+
+/* key_length may be null */
+const unsigned char* srp_user_get_session_key(struct SRPUser* usr, size_t* key_length);
+
+size_t srp_user_get_session_key_length(struct SRPUser* usr);
+
+/* Output: username, bytes_A, len_A. If you don't want it get written, set username to NULL.
+ * If bytes_a == NULL, random data is used for a. */
+void srp_user_start_authentication(struct SRPUser* usr, char** username,
+	const unsigned char* bytes_a, size_t len_a,
+	unsigned char** bytes_A, size_t* len_A);
+
+/* Output: bytes_M, len_M  (len_M may be null and will always be
+ *                          srp_user_get_session_key_length() bytes in size) */
+void srp_user_process_challenge(struct SRPUser *usr,
+	const unsigned char *bytes_s, size_t len_s,
+	const unsigned char *bytes_B, size_t len_B,
+	unsigned char **bytes_M, size_t *len_M);
+
+/* bytes_HAMK must be exactly srp_user_get_session_key_length() bytes in size */
+void srp_user_verify_session(struct SRPUser* usr, const unsigned char* bytes_HAMK);
+
+#endif /* Include Guard */
diff --git a/src/util/string.cpp b/src/util/string.cpp
index c0f0e97fddb985b0774a6e13f4c04eb5ea835a92..231eaf6be02e553f420220f1043b8ea7af0ccbe3 100644
--- a/src/util/string.cpp
+++ b/src/util/string.cpp
@@ -22,12 +22,9 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 #include "numeric.h"
 #include "log.h"
 
-#include "sha1.h"
-#include "base64.h"
 #include "hex.h"
 #include "../porting.h"
 
-#include <algorithm>
 #include <sstream>
 #include <iomanip>
 #include <map>
@@ -176,26 +173,6 @@ std::string wide_to_narrow(const std::wstring &wcs)
 
 #endif
 
-// Get an sha-1 hash of the player's name combined with
-// the password entered. That's what the server uses as
-// their password. (Exception : if the password field is
-// blank, we send a blank password - this is for backwards
-// compatibility with password-less players).
-std::string translatePassword(const std::string &playername,
-	const std::string &password)
-{
-	if (password.length() == 0)
-		return "";
-
-	std::string slt = playername + password;
-	SHA1 sha1;
-	sha1.addBytes(slt.c_str(), slt.length());
-	unsigned char *digest = sha1.getDigest();
-	std::string pwd = base64_encode(digest, 20);
-	free(digest);
-	return pwd;
-}
-
 std::string urlencode(std::string str)
 {
 	// Encodes non-unreserved URI characters by a percent sign
diff --git a/src/util/string.h b/src/util/string.h
index f2d9af5703cda9a2c57eebb74d0568f751e93779..4ab5cf3f7b747f800e23a67ae106b4bdcf7a9e42 100644
--- a/src/util/string.h
+++ b/src/util/string.h
@@ -43,8 +43,7 @@ wchar_t *narrow_to_wide_c(const char *str);
 
 std::wstring narrow_to_wide(const std::string &mbs);
 std::string wide_to_narrow(const std::wstring &wcs);
-std::string translatePassword(const std::string &playername,
-	const std::string &password);
+
 std::string urlencode(std::string str);
 std::string urldecode(std::string str);
 u32 readFlagString(std::string str, const FlagDesc *flagdesc, u32 *flagmask);