Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
Digest authentication is a method in which all requests for access from client devices are received by a network server and then sent to a domain controller.
It is one of the standard methods used by a Web server to authenticate the credentials of a user agent or Web browser. Credentials are hashed or encrypted before being sent, ensuring they are never transmitted in clear text form.
Digest authentication uses Hypertext Transfer Protocol (HTTP) and was originally specified in RFC 2069, which states that a scheme’s security be maintained by a nonce code generated by a server.
Before credentials are transmitted, they are encrypted through the MD5 cryptographic hash function and used with nonce values to prevent replay attacks, as nonce values are used only once.
The digest authentication process is as follows:
A client requests access to a website with a username and a password.
The server responds with a digest session key, a nonce and 401 authentication request.
The client answers with a response array with a composition of (username:realm:password), which is encrypted using MD5.
The server employs the username and realm to look up the password in the database, then uses that password to create a MD5 key using (username:realm:password_from_database).
Then, the server compares its generated MD5 key to the client's submitted MD5 key. If it matches, the client is authenticated. If not, the client is denied access.