Spamlaws Glossary

Digest Access Authentication

Digest access authentication is a more secure alternative to basic access authentication, which sends credentials unencrypted. It lets a user's identity be established without sending a plaintext password over the internet: the client proves that it knows the password by sending a hash computed from the password together with values supplied by the server and by the client.

Advantages of digest access authentication:
- The password itself is never sent over the internet; only a hash derived from it is.
- A client nonce protects against chosen-plaintext attacks.
- A server nonce prevents replay attacks.

Disadvantages of digest access authentication:
- Security is reduced when the server does not specify QOP (quality of protection).
- It is vulnerable to man-in-the-middle attacks.
- Not all digest access implementations are compatible with every version of Internet Explorer.

Digest access authentication can be viewed as a security trade-off. While it is intended to replace the less secure basic access authentication, it is not a substitute for a more secure approach such as Kerberos or a public-key protocol. Digest access authentication cannot be used if the password repository does not support looking up plaintext passwords.
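The exchange described above, worked through as an added example that is not part of the glossary entry: the client derives its response from HA1 (a hash of username, realm and password), the server nonce, a request counter and a client nonce; the server stores only HA1, checks the response in constant time, and rejects a reused nonce count. The realm, user and request values are constructed for the walkthrough, and the `DigestServer` class and `walkthrough()` helper are this example's own, not part of any library.

```python
import hashlib
import hmac
import secrets

# Constructed example values for the walkthrough (not taken from the glossary page).
REALM = "testrealm@host.com"
USERNAME = "Mufasa"
PASSWORD = "Circle Of Life"
METHOD = "GET"
URI = "/dir/index.html"


def _md5_hex(s: str) -> str:
    # RFC 2617 digest auth uses MD5 by default; it is used here because the
    # scheme specifies it, not because MD5 is a strong hash.
    return hashlib.md5(s.encode()).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password). A server may store this instead of the plaintext."""
    return _md5_hex(f"{username}:{realm}:{password}")


def ha2(method: str, uri: str) -> str:
    """HA2 = MD5(method:uri) for qop=auth (and for the legacy no-qop form)."""
    return _md5_hex(f"{method}:{uri}")


def response_from_ha1(h1, method, uri, nonce, nc=None, cnonce=None, qop=None):
    """Compute the 'response' field from a stored HA1 value."""
    h2 = ha2(method, uri)
    if qop is None:
        # Legacy (RFC 2069) form: no client nonce and no request counter.
        # This is the weaker mode the glossary refers to when qop is absent.
        return _md5_hex(f"{h1}:{nonce}:{h2}")
    if qop != "auth":
        raise ValueError("only qop=auth is modelled in this example")
    return _md5_hex(f"{h1}:{nonce}:{nc}:{cnonce}:{qop}:{h2}")


def client_response(username, realm, password, method, uri, nonce, nc=None, cnonce=None, qop=None):
    """What the client sends: the password never leaves the client, only this hash does."""
    return response_from_ha1(ha1(username, realm, password), method, uri, nonce, nc, cnonce, qop)


class DigestServer:
    """Minimal verifier (example code): holds HA1 per user and tracks nonce counters."""

    def __init__(self, realm, users):
        self.realm = realm
        self._users = users   # username -> HA1 (no plaintext passwords stored)
        self._nonces = {}     # issued server nonce -> highest nc accepted so far

    def challenge(self):
        # Server nonce: fresh per challenge so a captured response cannot be replayed later.
        nonce = secrets.token_hex(16)
        self._nonces[nonce] = 0
        return nonce

    def verify(self, username, method, uri, nonce, nc, cnonce, response):
        if nonce not in self._nonces:
            return False                      # unknown or stale nonce
        try:
            count = int(nc, 16)
        except ValueError:
            return False
        if count <= self._nonces[nonce]:
            return False                      # replayed or out-of-order request counter
        h1 = self._users.get(username)
        if h1 is None:
            return False
        expected = response_from_ha1(h1, method, uri, nonce, nc, cnonce, "auth")
        if not hmac.compare_digest(expected, response):
            return False                      # wrong password or tampered request
        self._nonces[nonce] = count
        return True


def walkthrough():
    """One challenge, one good request, one replay of it, one wrong-password attempt."""
    server = DigestServer(REALM, {USERNAME: ha1(USERNAME, REALM, PASSWORD)})
    nonce = server.challenge()
    cnonce = secrets.token_hex(8)             # client nonce, chosen by the client
    good = client_response(USERNAME, REALM, PASSWORD, METHOD, URI, nonce, "00000001", cnonce, "auth")
    first = server.verify(USERNAME, METHOD, URI, nonce, "00000001", cnonce, good)
    replay = server.verify(USERNAME, METHOD, URI, nonce, "00000001", cnonce, good)
    bad = client_response(USERNAME, REALM, "not the password", METHOD, URI, nonce, "00000002", cnonce, "auth")
    wrong = server.verify(USERNAME, METHOD, URI, nonce, "00000002", cnonce, bad)
    return first, replay, wrong


if __name__ == "__main__":
    print(walkthrough())
```

The server side shows why the glossary's last sentence holds: verification needs either the plaintext password or the precomputed HA1 for that exact realm, so a store holding only salted password hashes for a different scheme cannot be used. The `qop is None` branch is the reduced-security mode mentioned above, where the client contributes no nonce and the response depends only on values the server chose.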