Hi all,
As the title says, I’m looking to see if I can figure out some sort of secure login without having to shell out cash for SSL certification. I did a cryptography class a while back for my master’s and I remember there being quite a few things you could do to secure connections between a server and a client. Of course, don’t ask me now exactly what they were (out of sight, out of mind, right?). But I’m going back and checking the little notes I had and so far have thought of a fairly simple system with an initial broadcast from the client just saying “hey, time for me to log on”, followed by transmission of a random string by the server and then a transmission of a hash of some sort of concatenation of the username, password and hash.
I’m sure this in itself is not really that secure. On top of that, if someone is in the middle of the transaction they can easily intercept the data and act as if they are the client.
Is there really no way to secure this transaction without a certificate?
Thanks for any info you can provide.
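
The exchange described in the post, written out with both sides and a replay check, as an added example that is not part of the original post. It assumes the third hashed value is the server's random string, SHA-256 as the hash, and length-prefixed fields; the `Server` class, the function names and the sample account are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample account; a real server would not keep the plaintext password.
USERS = {"alice": "correct horse battery staple"}


def client_response(username: str, password: str, nonce: bytes) -> str:
    """Client side: hash over username, password and (assumed) the server's random string."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    h = hashlib.sha256()
    for field in (username.encode(), password.encode(), nonce):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.hexdigest()


class Server:
    def __init__(self, users):
        self.users = users
        self.pending = {}  # username -> outstanding random string

    def begin_login(self, username: str) -> bytes:
        """Answer the client's 'time to log on' with a fresh random string."""
        nonce = secrets.token_bytes(16)
        self.pending[username] = nonce
        return nonce

    def finish_login(self, username: str, response: str) -> bool:
        """Verify the hash; each random string is accepted at most once."""
        nonce = self.pending.pop(username, None)
        password = self.users.get(username)
        if nonce is None or password is None:
            return False
        expected = client_response(username, password, nonce)
        return hmac.compare_digest(expected.encode(), response.encode())


def demo():
    server = Server(USERS)
    nonce = server.begin_login("alice")
    captured = client_response("alice", USERS["alice"], nonce)
    first = server.finish_login("alice", captured)        # genuine login
    replay_same = server.finish_login("alice", captured)  # random string already used
    server.begin_login("alice")                           # new login attempt
    replay_new = server.finish_login("alice", captured)   # old hash, new random string
    return first, replay_same, replay_new
```

A recorded response fails against any later random string, but the client never verifies who it is talking to, so a party relaying messages between the two ends is not stopped, and nothing sent after login is protected. Anyone who records one random string and its response can also test password guesses against that pair offline.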