| RFC 2069 - An Extension to HTTP : Digest Access Authentication. J. Franks, P. Hallam-Baker, J. Hostetler, P. Leach, A. ... (4834 words) |
 | RFC 2069 Digest Access Authentication January 1997 algorithm A string indicating a pair of algorithms used to produce the digest and a checksum. |
 | response-digest = <"> < KD (H(A1), unquoted nonce-value ":" H(A2) > <"> A1 = unquoted username-value ":" unquoted realm-value ":" password password = < user's password > A2 = Method ":" digest-uri-value The "username-value" field is a "quoted-string" as specified in section 2.2 of the HTTP/1.1 specification [2]. |
 | A second consequence of this is that the realm string should be unique among all realms which any single user is likely to use. |
| RFC 2069 - An Extension to HTTP : Digest Access Authentication (4861 words) |
 | Standards Track [Page 12] 3.1 Comparison with Basic Authentication Both Digest and Basic Authentication are very much on the weak end of the security strength spectrum. |
 | For applications where no possibility of replay attack can be tolerated the server can use one-time response digests which will not be honored for a second use. |