Sat 2006-04-15 at 12:03 +1000, Paul Matthews wrote:
> Just a quick question, what's the difference between digest authentication
> and basic authentication?

A lot. If you are familiar with PPP, the following analogues can be
made:

  basic  -> PAP, or plain text password exchange.
  digest -> CHAP, or reasonably secure one-time hash exchanges

There are also the same integration issues. As Digest never sends the
password, the server has very strict requirements on how it can verify
the validity of the password. To be able to verify the request, the
server needs access to either the user's plain-text password or a Digest
H(A1) hash of the password. Similar but slightly different from the
requirements of PPP CHAP authentication.

But there is a lot more to Digest than what is shown in this brief
explanation. However, the more fancy things like integrity protection
only apply to web servers, not proxies.

Regards
Henrik
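
The storage requirement described in the message above, as an added example that is not part of the original post: a server verifies a Digest (qop=auth, MD5) response from a stored H(A1) alone, while a Basic header gives the password back directly. The function names are hypothetical; the sample request uses the worked example values from RFC 2617 section 3.5.

```python
import base64
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def basic_password(header_value):
    """Basic: the header is base64("user:password"), so the password is recoverable."""
    decoded = base64.b64decode(header_value.split(" ", 1)[1]).decode("utf-8")
    return decoded.split(":", 1)[1]

def make_ha1(username, realm, password):
    """H(A1), computed once at enrolment; the server can store this instead of the password."""
    return md5_hex(f"{username}:{realm}:{password}")

def verify_digest(stored_ha1, method, f):
    """Recompute the qop=auth response from the stored H(A1) and compare in constant time."""
    ha2 = md5_hex(f"{method}:{f['uri']}")
    want = md5_hex(f"{stored_ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:{f['qop']}:{ha2}")
    return hmac.compare_digest(want, f["response"])

# Sample data: the worked example from RFC 2617 section 3.5.
STORED_HA1 = make_ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
REQUEST = {
    "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "qop": "auth",
    "response": "6629fae49393a05397450978507c4ef1",
}
BASIC_HEADER = "Basic " + base64.b64encode(b"Mufasa:Circle Of Life").decode("ascii")

# A different one-way hash of the same password (constructed here) is not H(A1),
# so a backend holding only this value cannot check a Digest response.
OTHER_HASH = hashlib.sha256(b"Circle Of Life").hexdigest()[:32]

if __name__ == "__main__":
    print("digest verified from H(A1):", verify_digest(STORED_HA1, "GET", REQUEST))
    print("digest verified from other hash:", verify_digest(OTHER_HASH, "GET", REQUEST))
    print("password seen by server with Basic:", basic_password(BASIC_HEADER))
```
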