HTTP GET authorization, how to make it difficult to intercept password and login?

C

celovec2020-06-17 00:23:54

Automation

celovec, 2020-06-17 00:23:54

I am developing a smart keychain, when it sees an open WiFi network, it connects to it and makes a GET request to my server, approximately in this format server / auth / login / pass , in response, receives the data it needs.
It is impossible to make HTTPS support on the key fob. Login and password are sent via HTTP in the clear.
Tell me how you can make it difficult to intercept the login and password?

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

Y

Yan, 2020-06-17
@Slayer_nn

Tell me how you can make it difficult to intercept the login and password?

No way

S

Saboteur, 2020-06-17
@saboteur_kiev

Make a dynamic password that is valid exactly at the time when he logs in.
Come up with an algorithm so that your key fob and the server synchronize this password in time or in another way so that the interception of a single password does not matter.

S

SagePtr, 2020-06-17
@SagePtr

If it is impossible to fasten HTTPS, you can at least make home-made encryption. The symmetric encryption algorithm does not require a lot of resources, the key can be sewn into a key fob (for each copy of the key fob, generate its own, store one copy in the key fob, the second on the server).

B

BasiC2k, 2020-06-17
@BasiC2k

Send an encrypted response from the server. On the keychain - decoding. Login and password can not be used.