Digest Authentication

What Does Digest Authentication Mean?

Digest authentication is a method in which all requests for access from client devices are received by a network server and then sent to a domain controller.

It is one of the standard methods used by a Web server to authenticate the credentials of a user agent or Web browser. Credentials are hashed or encrypted before being sent, ensuring they are never transmitted in clear text form.

Techopedia Explains Digest Authentication

Digest authentication uses Hypertext Transfer Protocol (HTTP) and was originally specified in RFC 2069, which states that the scheme's security is maintained by a nonce generated by the server.

Before credentials are transmitted, they are hashed with the MD5 cryptographic hash function and combined with nonce values to prevent replay attacks, as nonce values are used only once.

The digest authentication process is as follows:

  1. A client requests access to a website with a username and a password.

  2. The server responds with a digest session key, a nonce and a 401 authentication request.

  3. The client answers with a response array composed of (username:realm:password), which is hashed using MD5.

  4. The server employs the username and realm to look up the password in the database, then uses that password to create an MD5 key using (username:realm:password_from_database).

  5. Then, the server compares its generated MD5 key to the client’s submitted MD5 key. If it matches, the client is authenticated. If not, the client is denied access.

Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.