Secure authentication without using HTTPS

V.Y. Filimoshin, L.Z. Davletkireeva


This article presents a secure authentication algorithm for web resources that does not rely on HTTPS. The main idea of the algorithm is to avoid transferring the password in cleartext: the password is sent to the server hashed and encrypted. Someone who manages to intercept and decrypt the password hash will obtain only a salted password hash and will not be able to recover the original password. Some implementation results of the algorithm, written in PHP, are described to demonstrate how to protect the password from being compromised. The article may be useful to web developers.

Full Text:

PDF (Russian)





ISSN: 2307-8162