Fairly secure login form without TLS (test)

Back to main site

Valid login credentials: -

This is a test login system that should be secure without using TLS. It is not meant to replace TLS and certainly shouldn't be used in place of it, rather it is a possible solution for secure login forms where TLS is not available. It is similar in operation to HTTP digest authentication but it uses only JavaScript on the client side.

The problem with generic login forms is that the username and password are sent as plaintext, so anybody who is able to sniff packets would be able to steal login credentials. A naïve approach would be to hash the password before sending it; this would stop the attacker from learning the actual password, however they would simply be able to send the hash to the server in order to log in, so this is not a good solution.

My solution here uses a combination of secure hashing together with a randomly generated cryptographic salt (nonce). An attacker is able to learn the login username, password hash and salt by packet sniffing, but without knowing the original password they would never be able to generate the corrent hash as it is salted. Also, capturing the password hash will not work in replay attacks as the salt will be different (it's a cryptographic nonce).

There is a shortcoming: if an attacker is packet-sniffing then there's nothing to stop them stealing the user's PHP session. This of course is a general problem which is not in the scope of this system.