Secure user authentication using HMAC and SKID2

In some cases it may be useful to provide secure authentication without the TLS/SSL layer. We'll now discuss how to implement the SKID2 protocol using the mhash HMAC functions in PHP. We'll also assume that the client is able to accept cookies and execute some scripting language (like JavaScript), and that an HMAC function is available in that scripting language [0].

OK, let's now assume we're on the server side and we want to authenticate a client using a username and password, but without transmitting the password in the clear.

Step 0. The server has a global secret key called KEY.

Step 1. The server sends a random string (over 8 bytes) to the client. Let's call it RANDOM1. We send the client a cookie (SERVER_COOKIE) with the contents Y = RANDOM1 + HMAC(KEY, RANDOM1).

Step 2. The client reads RANDOM1 from Y and executes JavaScript in order to get the username and password from the user. The client now calculates X = HMAC(password, RANDOM1+RANDOM2), where RANDOM2 is a random string generated by the client. The client sends the server X, USERNAME and RANDOM2 by using a cookie (CLIENT_COOKIE).

Step 3. The server reads the CLIENT_COOKIE and SERVER_COOKIE cookies, so it has the values RANDOM1, RANDOM2, USERNAME, Y, X.
  a. First it extracts RANDOM1 from Y and checks whether RANDOM1 + HMAC(KEY, RANDOM1) == Y. If they are not the same, it aborts.
  b. It checks the users database for USERNAME and retrieves the user's password (PASSWORD).
  c. It checks whether HMAC(PASSWORD, RANDOM1+RANDOM2) == X. If they are not the same, it aborts.

Step 4. The user is now authenticated. To keep track of authenticated sessions we may use the following (feel free to use something better):

Using cookies: e.g. we send in a cookie a string S = TIMESTAMP+USERNAME+HMAC(KEY, USERNAME+TIMESTAMP+IP NUMBER). That way we can force authentication if a session has expired, or verify the user's credentials on the fly. However, this may work against us, since everyone on the client's host can use S and claim they're authenticated. This seems to be the least secure step.

[0] HMAC is described in RFC 2104. Since there are several hash (md5 or even sha-1) implementations in JavaScript, it shouldn't be difficult to implement HMAC.

--nmav
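
The exchange in Steps 0 to 3 above, with both the server and client sides in one file, as an added example that is not code from the original page. It assumes Node.js and its crypto module, HMAC-SHA256 instead of the mhash functions, 16-byte hex nonces, and a constructed one-user database; all function and variable names are hypothetical.

```javascript
// Added example (not from the original page): SKID2-style exchange, Steps 0-3.
// Assumptions: Node.js crypto, HMAC-SHA256, hex nonces, constructed user data.
const crypto = require('crypto');

const KEY = crypto.randomBytes(32);                  // Step 0: global server secret
const USERS = new Map([['alice', 'correct horse']]); // constructed user database
const NONCE_HEX = 32;                                // 16 random bytes as hex

const hmac = (key, msg) =>
  crypto.createHmac('sha256', key).update(msg).digest('hex');
const nonce = () => crypto.randomBytes(NONCE_HEX / 2).toString('hex');

// Constant-time string comparison, so a mismatch position is not leaked by timing.
function same(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Step 1 (server): Y = RANDOM1 + HMAC(KEY, RANDOM1), sent as SERVER_COOKIE.
function serverChallenge() {
  const random1 = nonce();
  return random1 + hmac(KEY, random1);
}

// Step 2 (client): X = HMAC(password, RANDOM1 + RANDOM2), sent as CLIENT_COOKIE.
function clientResponse(y, username, password) {
  const random1 = y.slice(0, NONCE_HEX);
  const random2 = nonce();
  return { username, random2, x: hmac(password, random1 + random2) };
}

// Step 3 (server): verify Y, look up the password, verify X.
function serverVerify(y, { username, random2, x }) {
  const random1 = String(y).slice(0, NONCE_HEX);
  if (!same(random1 + hmac(KEY, random1), y)) return false;  // 3a: Y was altered
  if (!USERS.has(username)) return false;                    // 3b: unknown user
  const password = USERS.get(username);  // server must hold the password itself
  return same(hmac(password, random1 + String(random2)), x); // 3c
}
```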