Initialization: Once the user has successfully logged into an account, the server places in the user's computer a cookie that contains an authenticated record of the username, and possibly an expiration date. ("Authenticated" means that no party except for the server is able to change the cookie data without being detected by the server. This can be ensured, for example, by adding a MAC that is computed using a key known only to the server.) Cookies of this type can be stored in several computers, as long as each of them was used by the user.
1. The user enters a username and a password. If his computer contains a cookie stored by the login server then the cookie is retrieved by the server.
2. The server checks whether the username is valid and whether the password is correct for this username.
3. If the username/password pair is correct, then
- If the cookie is correctly authenticated and has not yet expired, and the user identification record stored in the cookie agrees with the entered username, then the user is granted access to the server.
- Otherwise (there is no cookie, or the cookie is not authenticated, or the user identification in the cookie does not agree with the entered username) the server generates an RTT and sends it to the user. The user is granted access to the server only if he answers the RTT correctly.
4. If the username/password pair is incorrect, then
- With probability p (where 0 < p ≤ 1 is a system parameter, say p = 0.05), the user is asked to answer an RTT. When his answer is received he is denied access to the server, regardless of whether it is correct or not.
- With probability 1 - p, the user is immediately denied access to the server.

Comment: The decision whether or not to serve an RTT must be a deterministic function of the entered username/password pair. That is, for any specific pair of username and password values, the user is either always asked to pass an RTT, or is never asked to answer one.
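The following is an added example, not code from the paper, that models the cookie-assisted protocol above end to end: a MAC-authenticated cookie carrying the username and an expiry (the initialization step), the four-step login decision, and the comment's requirement that the RTT decision on a failed login be a deterministic function of the username/password pair (implemented here as a keyed hash of the pair compared against p). The server keys, the PBKDF2 password store, the `LoginServer` class and its method names, and the `answer_rtt` callback that stands in for the user's RTT answer are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Callable, Optional, Tuple

# Result of a login attempt: (access granted?, was an RTT served?, cookie to set, if any)
LoginResult = Tuple[bool, bool, Optional[str]]


class LoginServer:
    """Model of the login protocol with MAC'd cookies and a deterministic RTT policy.

    cookie_key: secret used to authenticate cookies (the MAC key from the text).
    rtt_key:    secret that makes the probability-p decision on failed logins a
                deterministic function of the (username, password) pair.
    Both keys are known only to the server (constructed here for illustration).
    """

    def __init__(self, cookie_key: bytes, rtt_key: bytes,
                 p_rtt_on_failure: float = 0.05, cookie_lifetime: int = 30 * 86400):
        self.cookie_key = cookie_key
        self.rtt_key = rtt_key
        self.p = p_rtt_on_failure
        self.cookie_lifetime = cookie_lifetime
        self._users = {}  # username -> (salt, pbkdf2 hash); a constructed password store

    # --- password store (assumed by the paper, constructed here) ---
    @staticmethod
    def _hash_pw(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash_pw(password, salt))

    def _password_ok(self, username: str, password: str) -> bool:
        entry = self._users.get(username)
        if entry is None:
            return False
        salt, stored = entry
        return hmac.compare_digest(stored, self._hash_pw(password, salt))

    # --- cookies: an authenticated record of the username and an expiry ---
    def _cookie_mac(self, payload: bytes) -> str:
        return hmac.new(self.cookie_key, payload, hashlib.sha256).hexdigest()

    def issue_cookie(self, username: str, now: float) -> str:
        payload = json.dumps({"user": username, "exp": int(now + self.cookie_lifetime)}).encode()
        return base64.urlsafe_b64encode(payload).decode() + "." + self._cookie_mac(payload)

    def verify_cookie(self, cookie: Optional[str], now: float) -> Optional[str]:
        """Return the username recorded in the cookie if its MAC verifies and it is
        unexpired; otherwise None (missing, tampered, or expired cookie)."""
        if not cookie or "." not in cookie:
            return None
        b64, tag = cookie.rsplit(".", 1)
        try:
            payload = base64.urlsafe_b64decode(b64.encode())
        except ValueError:  # binascii.Error is a ValueError subclass
            return None
        if not hmac.compare_digest(tag, self._cookie_mac(payload)):
            return None
        record = json.loads(payload)
        if record["exp"] < now:
            return None
        return record["user"]

    # --- the deterministic probability-p decision from the comment ---
    def rtt_required_on_failure(self, username: str, password: str) -> bool:
        """Bernoulli(p) decision that is fixed for a given (username, password) pair:
        a keyed hash of the pair is mapped to [0, 1) and compared against p."""
        msg = username.encode() + b"\x00" + password.encode()
        digest = hmac.new(self.rtt_key, msg, hashlib.sha256).digest()
        u = int.from_bytes(digest[:8], "big") / 2 ** 64
        return u < self.p

    # --- steps 1-4 of the protocol ---
    def login(self, username: str, password: str, cookie: Optional[str],
              answer_rtt: Callable[[], bool], now: Optional[float] = None) -> LoginResult:
        """answer_rtt() stands in for serving an RTT and returns whether the user solved it."""
        now = time.time() if now is None else now
        if self._password_ok(username, password):                 # step 2/3
            if self.verify_cookie(cookie, now) == username:       # step 3, first case
                return (True, False, None)
            if answer_rtt():                                      # step 3, otherwise
                return (True, True, self.issue_cookie(username, now))  # initialization
            return (False, True, None)
        if self.rtt_required_on_failure(username, password):      # step 4, probability p
            answer_rtt()  # the answer is collected but ignored: access is denied regardless
            return (False, True, None)
        return (False, False, None)                               # step 4, probability 1 - p
```

Note that `rtt_required_on_failure` is evaluated even for usernames that do not exist, so the RTT pattern on failed attempts does not depend on whether the account is real; and because the decision is a keyed hash rather than a random draw, repeating the same wrong pair reproduces the same outcome, which is exactly the property the comment requires.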