SRP: Secure Remote Password Protocol

I implemented SRP for a Network Security class a few years ago.
Here is the abstract from my final report:

The Secure Remote Password (SRP) protocol allows users to keep their familiar interfaces and login habits while being secure at the same time. SRP is not vulnerable to sniffing because the password is never sent over the wire; only mathematical manipulations of it are sent, and these leak no information about it. SRP is also not vulnerable to a playback attack, since large random numbers are incorporated into the computations at various stages. SRP is also fast, even when implemented in Java.

For this very reason we would like to use SRP to provide authentication to Web resources. Currently, passwords are usually sent in the clear or with weak encryption. With SRP, we can provide excellent authentication in a small applet that communicates with an authentication server to verify clients.

I implemented the SRP client and server in Java. Below is a screenshot of the system in action. The foreground window is the client, the background window is the server's output window. The large numbers are the keys that were generated.
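The exchange the abstract describes, written out as an added example in Python (it is not the Java client and server from the course project): enrolment stores only a salt and a verifier on the server, one login runs with fresh random a and b on each side, a wrong password fails on the server's check of the client's proof, and a replay of a sniffed client message against a new server run fails because the server's B and the derived u are different. The group constants are the 1024-bit group from RFC 5054 (SRP-6a with the k = H(N, g) multiplier); the SHA-256 hash and the HMAC-based proof messages M1 and M2 are simplified assumptions for illustration and are not the layout the report used.

```python
"""SRP-6a login, both sides in one process (added example, not the page's Java code)."""
import hashlib
import hmac
import secrets

# 1024-bit safe-prime group from RFC 5054, Appendix A; generator g = 2.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
    16,
)
g = 2
NBYTES = (N.bit_length() + 7) // 8


def pad(x: int) -> bytes:
    """Fixed-width big-endian encoding so hashes do not depend on leading zero bytes."""
    return x.to_bytes(NBYTES, "big")


def hash_int(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


# SRP-6a multiplier k = H(N, g): ties the server's B to this particular group.
k = hash_int(pad(N), pad(g))


def private_x(salt: bytes, username: bytes, password: bytes) -> int:
    """x = H(salt, H(username:password)); the only place the password is used."""
    return hash_int(salt, hashlib.sha256(username + b":" + password).digest())


def register(username: bytes, password: bytes):
    """Enrolment: the server stores (salt, v = g^x mod N), never the password itself."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, username, password), N)


def client_hello():
    a = secrets.randbits(256)              # fresh ephemeral secret each login
    return a, pow(g, a, N)                 # (a, A); only A goes on the wire


def server_hello(v: int):
    b = secrets.randbits(256)              # fresh ephemeral secret each login
    return b, (k * v + pow(g, b, N)) % N   # (b, B); only B goes on the wire


def client_proof(username, password, salt, a, A, B):
    if B % N == 0:
        raise ValueError("server sent a degenerate B")
    u = hash_int(pad(A), pad(B))
    if u == 0:
        raise ValueError("u == 0")
    x = private_x(salt, username, password)
    # B - k*g^x == g^b (mod N), so S == g^(b*(a + u*x)).
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    K = hashlib.sha256(pad(S)).digest()
    M1 = hmac.new(K, pad(A) + pad(B), hashlib.sha256).digest()   # simplified proof
    return K, M1


def server_verify(v, b, A, B, M1):
    if A % N == 0:
        raise ValueError("client sent a degenerate A")
    u = hash_int(pad(A), pad(B))
    # A * v^u == g^(a + u*x), so S == g^(b*(a + u*x)): same value the client computed.
    S = pow((A * pow(v, u, N)) % N, b, N)
    K = hashlib.sha256(pad(S)).digest()
    expected = hmac.new(K, pad(A) + pad(B), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, M1):
        return None, None                  # wrong password, or a replayed M1
    M2 = hmac.new(K, pad(A) + M1, hashlib.sha256).digest()
    return K, M2


def login(username, password, salt, v):
    """One full run; returns (client_key, server_key) or None if either side rejects."""
    a, A = client_hello()
    b, B = server_hello(v)
    K_c, M1 = client_proof(username, password, salt, a, A, B)
    K_s, M2 = server_verify(v, b, A, B, M1)
    if K_s is None:
        return None
    # The client checks the server's proof before trusting the session key.
    expected_m2 = hmac.new(K_c, pad(A) + M1, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_m2, M2):
        return None
    return K_c, K_s


def replay_captured_client(v, A, M1) -> bool:
    """An eavesdropper replays a sniffed (A, M1) against a fresh server run."""
    b, B = server_hello(v)                 # new b, hence new B and new u
    K, _ = server_verify(v, b, A, B, M1)
    return K is not None


if __name__ == "__main__":
    # Constructed sample credentials.
    salt, v = register(b"alice", b"correct horse battery")
    keys = login(b"alice", b"correct horse battery", salt, v)
    print("login ok:", keys is not None and keys[0] == keys[1])
    print("wrong password rejected:", login(b"alice", b"wrong", salt, v) is None)
    a, A = client_hello()
    _, B = server_hello(v)
    _, M1 = client_proof(b"alice", b"correct horse battery", salt, a, A, B)
    print("replay rejected:", not replay_captured_client(v, A, M1))
```

Two points the script makes concrete: the server-side record is (salt, v) only, so a database leak yields no password, though it does allow an offline dictionary attack on v, which is why the salt and a slow password hash matter in practice; and because a and b are drawn fresh on every run, a captured A and M1 are useless against any later session, which is the replay resistance the abstract refers to.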