Digest access authentication is one of the agreed methods a web page can use to negotiate credentials with a web user (using the HTTP protocol). This method builds upon (and obsoletes) the basic authentication scheme, allowing user identity to be established without having to send a password in plaintext over the network. HTTP (for HyperText Transfer Protocol) is the primary method used to convey information on the World Wide Web. ... In the context of a HTTP transaction, the basic authentication scheme is a method designed to allow a web browser, or other client program, to provide credentials – in the form of a user name and password – when making a request. ... A password is a form of authentication which uses secret data to control access to a resource. ... In cryptography, plaintext is information used as input to an encryption algorithm; the output is termed ciphertext. ...

The scheme makes good use of MD5 hashes, although it should be noted that the MD5 algorithm is no longer considered suitable for cryptographic purposes. One consequence of the scheme's design is that the server is expected to either know the password (i.e. store it in plain text) or store the same MD5 hash that is used to calculate the client's response (see example, below) which may not be desirable. In cryptography, MD5 (Message-Digest algorithm 5) is a widely-used cryptographic hash function with a 128-bit hash value. ... Cryptography portal Cryptography (from Greek kryptós, hidden, and gráphein, to write) is, traditionally, the study of means of converting information from its normal, comprehensible form into an incomprehensible format, rendering it unreadable without secret knowledge — the art of encryption. ...

The MD5 calculation is intended to be "one way", meaning that it should be difficult to determine the original input when only the output is known. If the input is small enough, however, then it may be possible to test all possible inputs and find a matching output – perhaps aided by a dictionary or suitable look-up list. Ideally users should be forced to use long, non-trivial passwords. A one-way function is a function which is easy to calculate but hard to invert — it is difficult to calculate the input to the function given its output. ...

Digest access authentication was originally specified by RFC 2069, which was later replaced by RFC 2617.

Example with explanation

Warning: Please refer to the original specifications for a more comprehensive discussion of security issues.

The following example was originally given in RFC 2617 and is expanded here to show the full text expected for each request and response. Note that only the "auth" quality of protection code is covered – at the time of writing only the Opera web browser is known to support "auth-int". Although the specification mentions HTTP version 1.1 the scheme can be successfully added to a version 1.0 server, as shown here. Opera is a cross-platform internet software suite consisting of a web browser, e-mail/news client, address book, newsfeed reader, IRC chat client, and download manager. ... A web browser is a software package that enables a user to display and interact with documents hosted by web servers. ...

This typical transaction consists of the following steps.

• The client asks for a page that requires authentication but does not provide a user name and password. Typically this is because the user simply entered the address or followed a link to the page.
• The server responds with the 401 response code and provides the authentication realm and a randomly-generated nonce value.
• At this point, the client will present the authentication realm (typically a description of the computer or system being accessed) to the user and prompt for a user name and password. The user may decide to cancel at this point.
• Once a user name and password have been supplied, the client re-sends the same request but includes the authentication header.
• In this example, the server accepts the authentication and the page is returned. If the user name is invalid or the password incorrect, the server might return the 401 response code and the client would prompt the user again.

Note: A client may pre-emptively send the authentication header in its first request, with no user interaction required. Note: to create a user account for Wikipedia, go to the login page. ... A hyperlink, or simply a link, is a reference in a hypertext document to another document or other resource. ... Nonce means for the present time or for a single occasion or purpose, although the word is not often found in general use. ...

Client request (no authentication):

 GET /dir/index.html HTTP/1.0 Host: localhost 

(followed by a new line, in the form of a carriage return followed by a line feed). In computing, a newline is a special character or sequence of characters indicating the end of a line. ... Originally, carriage return was the term for the key, lever, or mechanism in general that would cause the cylinder on which the paper was held (the carriage) to return to the right after a line of text had been typed, and would often move it down a line as well. ... In computing, line feed (LF) is a control character indicating that one line should be fed out. ...

Server response:

 HTTP/1.0 401 Unauthorised Server: SokEvo/0.9 Date: Sun, 10 Apr 2005 20:26:47 GMT WWW-Authenticate: Digest realm="testrealm@host.com", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41" Content-Type: text/html Content-Length: 311 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> <HTML> <HEAD> <TITLE>Error</TITLE> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1"> </HEAD> <BODY><H1>401 Unauthorised.</H1></BODY> </HTML> 

Client request (user name "Mufasa", password "Circle Of Life"):

 GET /dir/index.html HTTP/1.0 Host: localhost Authorization: Digest username="Mufasa", realm="testrealm@host.com", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41" 

(followed by a blank line, as before).

Server response:

 HTTP/1.0 200 OK Server: SokEvo/0.9 Date: Sun, 10 Apr 2005 20:27:03 GMT Content-Type: text/html Content-Length: 7984 

(followed by a blank line and HTML text comprising of the restricted page).

RFC 2617 assumes that the scheme is understood and fails to complete the example by explaining where the "response" value comes from. It is calculated in three steps, as follows. Where values are combined, they are delimited by colon symbols. The term delimiter refers to a separating character. ... A colon is a punctuation mark, with one dot above another, like this: :. Colons are commonly used to introduce lists, or to connect a broad idea with a specific example: two related sentences can be separated by colons instead of periods. ...

1. The MD5 hash of the combined user name, authentication realm and password is calculated. The result is referred to as HA1.
2. The MD5 hash of the combined method and digest URI is calculated, e.g. of "GET" and "/dir/index.html". The result is referred to as HA2.
3. The MD5 hash of the combined HA1 result, server nonce (nonce), request counter (nc), client nonce (cnonce), quality of protection code (qop) and HA2 result is calculated. The result is the "response" value provided by the client.

Since the server has the same information as the client, the response can be checked by performing the same calculation. In the example given above the result is formed as follows – where MD5() represents a function used to calculate an MD5 hash, backslashes represent a continuation and the quotes shown are not used in the calculation. A Uniform Resource Identifier (URI), is an Internet protocol element consisting of a short string of characters that conform to a certain syntax. ...

 HA1 = MD5( "Mufasa:testrealm@host.com:Circle Of Life" ) = 939e7578ed9e3c518a452acee763bce9 HA2 = MD5( "GET:/dir/index.html" ) = 39aff3a2bab6126f332b942af96d3366 Response = MD5( "939e7578ed9e3c518a452acee763bce9: dcd98b7102dd2f0e8b11d0f600bfb0c093: 00000001:0a4f113b:auth: 39aff3a2bab6126f332b942af96d3366" ) = 6629fae49393a05397450978507c4ef1 

At this point the client may make another request, reusing the server nonce value (the server only issues a new nonce for each "401" response) but providing a new client nonce (cnonce). The hexadecimal request counter (nc) must be greater than the last value it used – otherwise an attacker could simply "replay" an old request with the same credentials. Obviously changing the method, URI and/or counter value will result in a different response value. It is up to the server to ensure that the counter increases for each of the nonce values that it has issued, rejecting any bad requests appropriately.

The server may also remember when each nonce value is issued, expiring them after a certain amount of time. If an expired value is used, the server should respond with the "401" status code and add stale=TRUE to the authentication header – indicating that the client should re-send with the new nonce provided, without prompting the user for another user name and password.

The server need not hold all expired nonce values – it can simply assume that any unrecognised values have expired. It is also possible for the server to only allow each nonce value to be returned once, although this forces the client to repeat each request. Note that expiring a server nonce immediately will not work, as the client would never get a chance to use it.