I want to include secure login in a website and, given the threat model, I am wondering if I can safely drop back to a faster plain connection like this:

1. Over a secure connection, negotiate a random token T. This is stored in a cookie.
2. The server stores f(T)=hash(private_salt,T,username,password,$_SERVER['REMOTE_ADDR'])
3. T is shared later on over unencrypted connections. The server recomputes f(T) to authenticate the connection.

The idea is that T represents no particular information, and even if it is stolen, a connection from a different originating IP address will cause the a different f(T) to be calculated.

The obvious weakness is session theft behind NAT. Let’s say we can dismiss this in practice. The question basically boils down to: how easy is it to spoof a connection, preserving $_SERVER['REMOTE_ADDR']?

This website requires only moderate security. There will not be sensitive traffic. The threat model is basically to cope with vandalism. I only need to deter bored people, not the Russian mafia. Given this assumption, is the above protocol sufficiently secure?

Also, let’s assume this happens with a regular web browser and LAMP — for the secure password transmission, is https the only game in town? It seems like Diffie-Hellman Key Exchange or similar would be sufficient (impersonation of the server is not in the threat model) and does not require all that signing malarkay. Is there a standard apache/php module for this which most browsers support?