Client:

```
clientFinalMessageBare = "c=biws,r=" .. serverNonce
saltedPassword = PBKDF2-SHA-1(normalizedPassword, salt, i)
clientKey = HMAC-SHA-1(saltedPassword, "Client Key")
storedKey = SHA-1(clientKey)
authMessage = nonce_1 .. "," .. nonce_2 .. "," .. clientFinalMessageBare
clientSignature = HMAC-SHA-1(storedKey, authMessage)
clientProof = clientKey XOR clientSignature
```

clientProof -> Server

Server has: storedKey (SHA-1(clientKey)), nonces

```
clientSignature = HMAC-SHA-1(storedKey, authMessage)
clientKey = clientProof XOR clientSignature
if SHA-1(clientKey) == storedKey then auth success;
```

```
serverKey = HMAC-SHA-1(saltedPassword, "Server Key")
serverSignature = HMAC-SHA-1(serverKey, authMessage)
clientFinalMessage = clientFinalMessageBare .. ",p=" .. base64(clientProof)
```
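The same exchange as runnable Python, added here as an illustration and not part of the original notes. It uses the RFC 5802 section 5 example values (user `user`, password `pencil`), builds authMessage as RFC 5802 defines it (client-first-message-bare, server-first-message, client-final-message-without-proof), and assumes an ASCII password so normalization is a no-op; the function names are hypothetical.

```python
import base64, hashlib, hmac

def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def derive_keys(password: str, salt: bytes, iterations: int):
    """Return (clientKey, storedKey, serverKey); a server keeps only the last two."""
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    client_key = hmac_sha1(salted, b"Client Key")
    return client_key, hashlib.sha1(client_key).digest(), hmac_sha1(salted, b"Server Key")

def client_final(password, salt, iterations, auth_message: bytes, final_bare: str) -> str:
    """Client side: clientProof = clientKey XOR HMAC(storedKey, authMessage)."""
    client_key, stored_key, _ = derive_keys(password, salt, iterations)
    proof = xor(client_key, hmac_sha1(stored_key, auth_message))
    return final_bare + ",p=" + base64.b64encode(proof).decode()

def server_verify(stored_key, server_key, auth_message: bytes, client_final_message: str):
    """Server side: return base64(serverSignature) on success, None on failure."""
    proof = base64.b64decode(client_final_message.rsplit(",p=", 1)[1])
    if len(proof) != len(stored_key):
        return None
    # Recover the candidate clientKey and compare its hash in constant time.
    client_key = xor(proof, hmac_sha1(stored_key, auth_message))
    if not hmac.compare_digest(hashlib.sha1(client_key).digest(), stored_key):
        return None
    return base64.b64encode(hmac_sha1(server_key, auth_message)).decode()

# Messages from the RFC 5802 section 5 example exchange.
CLIENT_FIRST_BARE = "n=user,r=fyko+d2lbbFgONRv9qkxdawL"
SERVER_FIRST = "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096"
FINAL_BARE = "c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j"
SALT = base64.b64decode("QSXCR+Q6sek8bf92")
AUTH_MESSAGE = ",".join([CLIENT_FIRST_BARE, SERVER_FIRST, FINAL_BARE]).encode()

def run_exchange(password: str):
    """Provision the server for 'pencil', then authenticate with `password`."""
    _, stored_key, server_key = derive_keys("pencil", SALT, 4096)
    msg = client_final(password, SALT, 4096, AUTH_MESSAGE, FINAL_BARE)
    return msg, server_verify(stored_key, server_key, AUTH_MESSAGE, msg)

if __name__ == "__main__":
    print(run_exchange("pencil"))  # (client-final-message, server signature)
    print(run_exchange("wrong"))   # server_verify returns None
```

The server never handles the password or clientKey at rest: it verifies with storedKey alone and proves its own knowledge with serverSignature.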