Some websites do not support Secure Sockets Layer (SSL), and as a result exploits such as session hijacking may be possible. For example, a user logged in to a web-based mail account may perform a search on that account. An eavesdropper on the network who observes this unencrypted traffic may then be able to impersonate the user and read the user's email.
Thus, a need exists for a technique for a remote connection to authenticate itself over an insecure channel without disclosing a shared secret.