What is digest authentication?

Asked 5/3, 2010 at 2:41 Answered 7/1, 2016 at 14:27

141

How does Digest Authentication differ from Basic Authentication other than sending credentials as plain text?

Leddy answered 5/3, 2010 at 2:41 Comment(4)

Great explanation by @Gumbo right here: https://mcmap.net/q/87962/-is-digest-authentication-possible-with-jquery – Lyric 26/2, 2014 at 16:28

Something you should NEVER EVER use. Doesn't protect the password in transit and requires the server to store passwords in plain. – Cameraman 31/7, 2015 at 12:16

Digest does provide better in-transit security than Basic authentication for unencrypted traffic, but it's weak. It is MUCH safer to use Basic auth in combination with SSL/TLS instead, because that way you can also keep the passwords on the server encrypted. – Kisumu 9/7, 2016 at 14:24

It is actually much better to user Digest Authentication with TLS. That way you are not giving out your password to phishing sites. Would be better still if they used a secure hashing algorithm. – Bitty 11/5, 2021 at 1:10

236

The main difference is that it doesn't require sending the username and password across the wire in plaintext. It is also immune to replay-attacks, as it uses a one-time number from the server.

The server gives the client a one-time use number (a nonce) that it combines with the username, realm, password and the URI request. The client runs all of those fields through an MD5 hashing method to produce a hash key.

It sends this hash key to the server along with the username and the realm to attempt to authenticate.

Server-side the same method is used to generate a hashkey, only instead of using the password typed in to the browser the server looks up the expected password for the user from its user DB. It looks up the stored password for this username, runs in through the same algorithm and compares it to what the client sent. If they match then access is granted, otherwise it can send back a 401 Unauthorized (no login or failed login) or a 403 Forbidden (access denied).

Digest authentication is standardized in RFC2617. There's a nice overview of it on Wikipedia:

You can think of it like this:

Client makes request
Client gets back a nonce from the server and a 401 authentication request
Client sends back the following response array (username, realm, generate_md5_key(nonce, username, realm, URI, password_given_by_user_to_browser)) (yea, that's very simplified)
The server takes username and realm (plus it knows the URI the client is requesting) and it looks up the password for that username. Then it goes and does its own version of generate_md5_key(nonce, username, realm, URI, password_I_have_for_this_user_in_my_db)
It compares the output of generate_md5() that it got with the one the client sent, if they match the client sent the correct password. If they don't match the password sent was wrong.

Morly answered 5/3, 2010 at 2:57 Comment(7)

Nice explanation. Are the username & pwd for a windows user? Where are they generated from? – Leddy 5/3, 2010 at 3:37

They are whatever the user types into the browser. The password needs to match whatever the server has stored for the password for that user. More likely than not it's something specific to that web application and not your Windows password. It very much depends on the way the web application is put together. – Morly 5/3, 2010 at 3:48

This answer is 6 years old, but I guess all security-aware systems store passwords in a salted-hash format by now. There is no, and there should not be any, method to obtain the original password from the database making digest authorization impossible. – Bahamas 20/4, 2016 at 15:25

If digest hash of username and password is stored in db instead of plain passwords, then it's still possible to use digest auth @RamondeKlein – Nikko 20/7, 2017 at 19:40

@BlueBockser I think karakays meant that instead of using a plain password, a hash resulting from combining both the username and its password should be stored in the server when signing up and computed in the client side before authenticating. It can also be done with just a hash of the password. – Defensive 1/8, 2017 at 2:33

@RamondeKlein How does salting a password protect against Phishing, which is by far the most common form of attack. Digest Auth + TLS would kill phishing if it used a secure hash algorithm. – Bitty 11/5, 2021 at 1:12

@Bitty It doesn't help against phishing. Because phising is a common form of attack, it doesn't mean you don't need to prevent other forms of attacks. The only way to deal with phishing is to use 2FA, but that's wasn't the question. – Bahamas 11/5, 2021 at 7:42

A hash of the credentials is sent over the wire.

HA1 = MD5(username:realm:password)

Wikipedia has an excellent article on this topic

Sklar answered 5/3, 2010 at 2:47 Comment(0)

The only way to get the hash HA1 of the credentials is to know the password. The server knows HA1 but not the password that generated it. If HA1 was known to an attacker it could get in to the system. So it is not sent down the wire. A further hash based on nonce, etc. is done before doing this, and this must agree with a similar calculation done on the server. Thus, as long as the server keeps HA1 private the system is secure.

Louden answered 7/1, 2016 at 14:27 Comment(2)

This is the explanation for Digest authentication, where the password is not sent in plain text (which is the case for Basic Auth) – Brussels 7/1, 2016 at 14:37

HTTP headers are encrypted (when using SSL) – Auction 25/7, 2023 at 13:32

Recommended topics

Hot tags