Question

Hi, I have been googling these days to find a better way to send user info (including passwords) through the internet. Our servers don't have SSL installed, so I need a very simple and secure method to send user info. In the future my boss wants to expand it to connect with desktop applications written in .NET (C#), so the methods should be compatible with .NET as well. I need advice or anything that can give me a good idea for developing a better solution.

Solution

Some thoughts:

  1. Use TLS/SSL. Really. A web server certificate can be obtained for free these days.
  2. Use TLS/SSL. I really mean it. Don't be naive thinking that you can build a home-brew solution, no matter how complex an encryption algorithm you can imagine, that can outperform something as established, secure and easy to implement as TLS/SSL is.
  3. To solve a scenario with web clients and desktop clients, you should take a look at OAuth.

OTHER TIPS

If you mean sending the password from a login form to the server in a secure way, there is nothing better than SSL. You could try implementing a system like public-key encryption, but I think it would be easier to enable SSL...

To store the passwords, simply use an encryption function like sha1.

If you mean authenticating users in a desktop application, you could implement OAuth, for example, which is not very hard and provides a very safe way of doing so.
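
The password-storage step, as an added example that is not part of the original answer: it contrasts a bare SHA-1 digest with a salted, iterated PBKDF2-HMAC-SHA256 record that can be verified and upgraded later. The record layout, function names and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware
SALT_BYTES = 16


def sha1_digest(password: str) -> str:
    """Bare, unsalted SHA-1: equal passwords always give equal digests."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def _parse(record: str):
    """Split a stored record; raises ValueError if it is malformed."""
    algorithm, iterations, salt_hex, hash_hex = record.split("$")
    if algorithm != "pbkdf2_sha256" or int(iterations) < 1:
        raise ValueError("unsupported record")
    return int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    try:
        iterations, salt, expected = _parse(record)
    except ValueError:
        return False  # truncated or corrupted record never authenticates
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True if the record is unreadable or uses a weaker work factor than the current one."""
    try:
        return _parse(record)[0] < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    stored = hash_password("correct horse")  # constructed sample password
    print(stored, verify_password("correct horse", stored))
```

PBKDF2 is also available in .NET as `Rfc2898DeriveBytes`, so a record in this layout can be checked from C# code as well.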

This approach is called Digest authentication and is quite easy to implement.

However, to use it you have to store passwords in plain text; you can't use it with hashes.
Which, from my point of view, makes it completely impossible to use.

  1. curl (simple)
  2. md5 encryption POST method
  3. web service (complex)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow