I've had this running around my head for while and I'd like to put it out there for your thoughts.
It occurs to me that there might be a way of providing reasonably strong user authentication in a website that doesn't have access to SSL (or post-Snowden, doesn't trust it anyway). It's conceivable this could be extended to session encryption, but that's beyond the scope of what I have in mind to begin with. I'm primarily interested in being able to authenticate just myself (the webmaster) to my own site via plain HTTP.
First, assume that:
- The server is not compromised
- The browser and its host PC are not compromised
- The DNS is not compromised
(Any of these would invalidate SSL anyway.)
Let's also add that I can store a shared secret on the server through another (secure) means.
My principle is this: In the browser, I enter my password (the shared secret) then it gets concatenated with a timestamp (rounded to the last whole minute, to allow for transport time), and that combined string is then hashed (I believe there are reasonable JS implementations of some hashing algorithms these days, though that's not researched so perhaps I'm wrong). The resulting hash is then sent to the server.
The server then performs the same function using the shared secret. (it also tries it based on the last whole minute in case transport time has carried it past that interval, but no more). If they match, my browser session is authenticated and I continue my session with an auth cookie from the server. The session can still be eavesdropped, but the shared secret was not compromised so the eavesdropper cannot gain access.
As the required JS is sent to my browser in the clear that can also be eavesdropped, but knowing the function does not break the secrecy unless XSS is achieved somehow to snoop me entering the secret.
So, does this sound reasonable? What are the weak points? Is there a better solution out there for the same parameters? (I did look but found nothing.) Any and all commentary welcome.