tanglebones/challenge response

## challenge response
Setup:
1. Client provides server with Username and P = password
2. Server generates N = large Nonce (128bits+), R = 0
3. Server computes Q = H(H(P,N)) and stores (Username, N, Q, R)
4. Server send N to client

Login:
1. Client sends login request to server with Username
2. Server generates R = HMAC(large Nonce (128bits) + timestamp, ServerSecret)
3. Server sends R and N (looked up from Username) to the client
4. Server updates R assoicated with Username
5. Client computes T_c = H(P,N)
6. Client computes C_c = HMAC(H(T_c), R)
7. Client computes F = XOR(T_c, C_c)
8. Client sends F, R and Username to the server
9. Server validates R and atomically updates Username.R to 0 against the R provided, on failure aborts. (i.e. only allow the R to be used once to login.)
10. Server computes C_s = HMAC(Q, R)
11. Server computes T_s = F ^ C_s
12. Server computes H(T_s) and compares it with Q (looked up from Username)
	Setup:
	1. Client provides server with Username and P = password
	2. Server generates N = large Nonce (128bits+), R = 0
	3. Server computes Q = H(H(P,N)) and stores (Username, N, Q, R)
	4. Server send N to client

	Login:
	1. Client sends login request to server with Username
	2. Server generates R = HMAC(large Nonce (128bits) + timestamp, ServerSecret)
	3. Server sends R and N (looked up from Username) to the client
	4. Server updates R assoicated with Username
	5. Client computes T_c = H(P,N)
	6. Client computes C_c = HMAC(H(T_c), R)
	7. Client computes F = XOR(T_c, C_c)
	8. Client sends F, R and Username to the server
	9. Server validates R and atomically updates Username.R to 0 against the R provided, on failure aborts. (i.e. only allow the R to be used once to login.)
	10. Server computes C_s = HMAC(Q, R)
	11. Server computes T_s = F ^ C_s
	12. Server computes H(T_s) and compares it with Q (looked up from Username)