HTTP Authentication - Digest

Discussion in 'HTML' started by EJ, Oct 24, 2003.

  1. EJ

    EJ Guest

    I had a discussion yesterday with a friend about digest http authentication,
    what are your thoughts?

    A webserver serving a protected document using the digest method answers
    initial client requests with a 401 but includes an authentication challenge.
    The server generated 401 includes in the header a nonce, a random value.
    This nonce is then encrypted along with the client's user name and password
    (as well as some other data) and sent back to the server. The original nonce
    is also sent back.

    The server will then compare the client generated hash value with it's own
    calculated value.

    Question: In that calculation, does the server use the nonce sent back by
    the client or does it *remember* the nonce value it originally sent? The
    point why I ask, that would make it a stateful protocol..

    If the server does not remember the original nonce value, then the purpose
    of the nonce is simply to enable the client to send a different hash value
    with every request, even if the same URL is requested over and over again.
    That's a good reason for it to exist, but then why does the server generate
    and send it in the first place? The client could just generate the nonce
    itself..

    If the server does remember, it would enable the server to control the
    maximum time the client has to authenticate, among other stuff..

    Some of those goals are mentioned in RFC 2617 but to us it was not clear if
    those requests are realized in http 1.0..
    EJ, Oct 24, 2003
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John Reese
    Replies:
    3
    Views:
    423
    John Reese
    Jan 3, 2005
  2. john
    Replies:
    2
    Views:
    2,295
    Fuzzyman
    Aug 8, 2005
  3. Tammy Mc
    Replies:
    3
    Views:
    206
    Tammy Mc
    Oct 1, 2006
  4. myalo
    Replies:
    4
    Views:
    1,264
    A. Sinan Unur
    Nov 28, 2007
  5. Replies:
    2
    Views:
    323
    Julian Cromarty
    Jun 26, 2013
Loading...

Share This Page