A secure distributed single-login authentication system comprises a client
and a server. The client collects a user name and password from a user
and tests that user name and password at a variety of potential
authentication servers to check where the login is valid. It combines the
password with a time-varying salt and a service-specific seed in a
message-digest hash and generates a first hash value. The client sends
the hash value along with the user name and the time-varying salt to a
currently selected server. The server extracts the user name and looks up
an entry under the user name from the selected server's database. If an
entry is found, it retrieves the password and performs the same hash
function on the combination of the user name, the service-specific seed,
and the retrieved password to generate a second hash value. Then, it
compares the two hash values. If these two values match, the user is
authenticated. In this way, the system never reveals enough of the
password to authentication agents that might abuse the information.
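
The exchange described above, sketched as an added example (not code from the original document). It assumes SHA-256 as the digest, a Unix-seconds timestamp as the time-varying salt, and that the server hashes the salt it received together with its own seed and the stored password; the freshness window, all names and the sample credentials are constructed for illustration.

```python
import hashlib
import hmac
import time

def digest(password: str, salt: str, seed: str) -> str:
    """Hash salt, seed and password; length prefixes keep field boundaries unambiguous."""
    h = hashlib.sha256()  # assumption: the page names no specific digest
    for field in (salt, seed, password):
        data = field.encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()

def client_message(user: str, password: str, seed: str, now: float) -> dict:
    """Client side: only user name, salt and first hash value are sent."""
    salt = str(int(now))  # time-varying salt (assumption: Unix seconds)
    return {"user": user, "salt": salt, "hash": digest(password, salt, seed)}

class AuthServer:
    def __init__(self, seed: str, users: dict, max_skew: int = 120):
        self.seed, self.users, self.max_skew = seed, users, max_skew

    def verify(self, msg: dict, now: float) -> bool:
        stored = self.users.get(msg["user"])  # look up the entry under the user name
        if stored is None:
            return False
        # Assumption: a stale salt is rejected so a captured message expires.
        salt = msg["salt"]
        if not salt.isdecimal() or abs(now - int(salt)) > self.max_skew:
            return False
        second = digest(stored, salt, self.seed)  # second hash value
        # Constant-time comparison of the two hash values.
        return hmac.compare_digest(second.encode(), str(msg["hash"]).encode())

def find_valid_servers(user, password, servers, now):
    """Test the login at each candidate server; each sees a hash bound to its own seed."""
    return [name for name, srv in servers.items()
            if srv.verify(client_message(user, password, srv.seed, now), now)]

# Constructed sample data: three candidate servers with separate user databases.
SERVERS = {
    "mail": AuthServer("mail-seed", {"alice": "correct horse"}),
    "chat": AuthServer("chat-seed", {"alice": "different pw"}),
    "news": AuthServer("news-seed", {}),
}

if __name__ == "__main__":
    print(find_valid_servers("alice", "correct horse", SERVERS, time.time()))
```

Because the seed differs per service, a hash value accepted by one server does not verify at another even when the stored password is the same.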