INITIAL NOTE: This is just for a personal tinkering project; I'm not writing enterprise security here, and if I were, I'd know better than to try to write my own scheme. :-D
EDIT: To stress the above point, I tried to tag this under "iKnowThisWouldBeABadIdeaInRealLife", but SO wouldn't accept it because it was >25 chars. Just be aware that I KNOW it's not commercial grade!
I need a way to authenticate a user over HTTP (can't use HTTPS in this case). I need to know that the person on the other end really is who they say they are (to some reasonably high degree of confidence). Once I'm sure the user is legit, I do not care if the content between the client and the server are sent as plaintext.
The trouble I'm looking at is in trying to send a password from the client to the server without sending it as plaintext. I've thought about trying some public-key crypto in javascript, since some Google searching has turned up some fun-looking libraries.
Here's the scheme I'm thinking about:
(suppose A and A' represent the private and public keys, respectively; also, enc(text, key) and dec(cyphertext, key) represent the encryption/decryption functions)
+------------------------+------------------------------+
| SERVER | CLIENT |
+------------------------+------------------------------+
(1) | t = randomToken() | |
(2) | enc(t, A) --------> c |
(3) | | A' = getKeyFromUser() |
(4) | p <-------- p=dec(c, A') |
(5) | if (t==p) | |
| allowAccess() | |
| else | |
| denyAccess() | |
+------------------------+------------------------------+
One weakness I see in this is that the BAD GUY who was listening to the exchange, while he doesn't have A, now has a known ciphertext/plaintext combo, which I remember from crypto class is a BAD IDEA. I figure some salting could alleviate this somehow?
So here are my [two] questions:
Thanks!
EDIT: Thanks for all the discussion! Just to clarify:
Here was my thought-process for the scheme: (I know I'm not quite using public vs. private keys properly, but bear with me for a sec)
Bob walks up to Alice and says, "Hey, I'm Bob."
Alice says, "Okay. I know Bob's 'private key'. If you're really Bob, take this secret message I just encrypted (with Bob's private key), and decrypt it for me."
Bob replies with the correct message, and Alice is happy.