Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Digest access authentication
open-in-new
<h2 id="overview">Overview</h2> <p>Digest access authentication was originally specified by <a href="/facts/RFC_(identifier)/esftTvE7">RFC</a> <a href="https://www.rfc-editor.org/rfc/rfc2069">2069</a> (<i>An Extension to HTTP: Digest Access Authentication</i>). RFC 2069 specifies roughly a traditional digest authentication scheme with security maintained by a server-generated <i><a href="/facts/Cryptographic_nonce/ENHRCGnw">nonce value</a></i>. The authentication response is formed as follows (where HA1 and HA2 are names of string variables): </p> HA1 = MD5(username:realm:password) HA2 = MD5(method:digestURI) response = MD5(HA1:nonce:HA2) <p>An MD5 hash is a 16-byte value. The HA1 and HA2 values used in the computation of the response are the hexadecimal representation (in lowercase) of the MD5 hashes respectively. </p><p>RFC 2069 was later replaced by <a href="/facts/RFC_(identifier)/esftTvE7">RFC</a> <a href="https://www.rfc-editor.org/rfc/rfc2617">2617</a> (<i>HTTP Authentication: Basic and Digest Access Authentication</i>). RFC 2617 introduced a number of optional security enhancements to digest authentication; "quality of protection" (qop), nonce counter incremented by client, and a client-generated random nonce. These enhancements are designed to protect against, for example, <a href="/facts/Chosen-plaintext_attack/uTJ0XCAN">chosen-plaintext attack</a> <a href="/facts/Cryptanalysis/7CPEQlJI">cryptanalysis</a>. </p><p>If the algorithm directive's value is "MD5" or unspecified, then HA1 is </p> HA1 = MD5(username:realm:password) <p>If the algorithm directive's value is "MD5-sess", then HA1 is </p> HA1 = MD5(MD5(username:realm:password):nonce:cnonce) <p>If the qop directive's value is "auth" or is unspecified, then HA2 is </p> HA2 = MD5(method:digestURI) <p>If the qop directive's value is "auth-int", then HA2 is </p> HA2 = MD5(method:digestURI:MD5(entityBody)) <p>If the qop directive's value is "auth" or "auth-int", then compute the response as follows: </p> response = MD5(HA1:nonce:nonceCount:cnonce:qop:HA2) <p>If the qop directive is unspecified, then compute the response as follows: </p> response = MD5(HA1:nonce:HA2) <p>The above shows that when qop is not specified, the simpler RFC 2069 standard is followed. </p><p>In September 2015, RFC 7616 replaced RFC 2617 by adding 4 new <a href="/facts/Algorithm/fnl5NmRt">algorithms</a>: "SHA-256", "SHA-256-sess", "SHA-512-256" and "SHA-512-256-sess". The encoding is equivalent to "MD5" and "MD5-sess" algorithms, with <a href="/facts/MD5/8WIXb9Dq">MD5 hashing function</a> replaced with <a href="/facts/SHA-256/P59oPeGq">SHA-256</a> and <a href="/facts/SHA-256/P59oPeGq">SHA-512-256</a>. However, as of July 2021<a href="https://en.wikipedia.org/w/index.php?title=Digest_access_authentication&action=edit">[update]</a>, none of popular browsers, including Firefox<a class="footnote-ref" id="fnref:2" href="#fn:2"><sup>2</sup></a> and Chrome,<a class="footnote-ref" id="fnref:3" href="#fn:3"><sup>3</sup></a> support SHA-256 as the hash function. As of October 2021<a href="https://en.wikipedia.org/w/index.php?title=Digest_access_authentication&action=edit">[update]</a>, Firefox 93<a class="footnote-ref" id="fnref:4" href="#fn:4"><sup>4</sup></a> officially supports "SHA-256" and "SHA-256-sess" algorithms for digest authentication. However, support for "SHA-512-256", "SHA-512-256-sess" algorithms and username hashing<a class="footnote-ref" id="fnref:5" href="#fn:5"><sup>5</sup></a> is still lacking.<a class="footnote-ref" id="fnref:6" href="#fn:6"><sup>6</sup></a> As of August 2023<a href="https://en.wikipedia.org/w/index.php?title=Digest_access_authentication&action=edit">[update]</a>, Chromium 117 (then Chrome and Edge) supports "SHA-256".<a class="footnote-ref" id="fnref:7" href="#fn:7"><sup>7</sup></a> </p> <h2 id="impact-of-md5-security-on-digest-authentication">Impact of MD5 security on digest authentication</h2> <p>The <a href="/facts/MD5/8WIXb9Dq">MD5</a> calculations used in HTTP digest authentication is intended to be "<a href="/facts/One-way_function/rGtcumDW">one way</a>", meaning that it should be difficult to determine the original input when only the output is known. If the password itself is too simple, however, then it may be possible to test all possible inputs and find a matching output (a <a href="/facts/Brute-force_attack/TXl8pkfb">brute-force attack</a>) – perhaps aided by a <a href="/facts/Dictionary_attack/0DdvVvBM">dictionary</a> or <a href="/facts/Rainbow_table/CcGDKqX8">suitable look-up list</a>, which for MD5 is readily available.<a class="footnote-ref" id="fnref:8" href="#fn:8"><sup>8</sup></a> </p><p>The HTTP scheme was designed by <a href="/facts/Phillip_Hallam-Baker/yYsrFpt8">Phillip Hallam-Baker</a> at <a href="/facts/CERN/y1gwRchm">CERN</a> in 1993 and does not incorporate subsequent improvements in authentication systems, such as the development of keyed-hash message authentication code (<a href="/facts/HMAC/Qy9WD4V9">HMAC</a>). Although the <a href="/facts/Cryptography/e94PEVau">cryptographic</a> construction that is used is based on the MD5 hash function, <a href="/facts/Collision_attack/6aXFAMbW">collision attacks</a> were in 2004 generally believed to not affect applications where the plaintext (i.e. password) is not known.<a class="footnote-ref" id="fnref:9" href="#fn:9"><sup>9</sup></a> However, claims in 2006<a class="footnote-ref" id="fnref:10" href="#fn:10"><sup>10</sup></a> cause some doubt over other MD5 applications as well. </p> <h2 id="http-digest-authentication-considerations">HTTP digest authentication considerations</h2> <h3>Advantages</h3> <p>HTTP digest authentication is designed to be more secure than traditional digest authentication schemes, for example "significantly stronger than (e.g.) <a href="/facts/CRAM-MD5/4abnp1df">CRAM-MD5</a> ..." (RFC 2617). </p><p>Some of the security strengths of HTTP digest authentication are: </p> <ul><li>The password is not sent clear to the server.</li> <li>The password is not used directly in the digest, but rather HA1 = MD5(username:realm:password). This allows some implementations (e.g. <a href="/facts/JBoss/sdwoM5jn">JBoss</a><a class="footnote-ref" id="fnref:11" href="#fn:11"><sup>11</sup></a>) to store HA1 rather than the cleartext password (however, see disadvantages of this approach)</li> <li>Client nonce was introduced in RFC 2617, which allows the client to prevent <a href="/facts/Chosen-plaintext_attack/uTJ0XCAN">chosen-plaintext attacks</a>, such as <a href="/facts/Rainbow_table/CcGDKqX8">rainbow tables</a> that could otherwise threaten digest authentication schemes</li> <li>Server nonce is allowed to contain timestamps. Therefore, the server may inspect nonce attributes submitted by clients, to prevent <a href="/facts/Replay_attack/IpKW2kvf">replay attacks</a></li> <li>Server is also allowed to maintain a list of recently issued or used server nonce values to prevent reuse</li> <li>It prevents <a href="/facts/Phishing/hvgfz4U8">Phishing</a> because the plain password is never sent to any server, be it the correct server or not. (Public key systems rely on the user being able to verify that the URL is correct.)</li></ul> <h3>Disadvantages</h3> <p>There are several drawbacks with digest access authentication: </p> <ul><li>The website has no control over the user interface presented to the end user.</li> <li>Many of the security options in RFC 2617 are optional. If quality-of-protection (qop) is not specified by the server, the client will operate in a security-reduced legacy RFC 2069 mode</li> <li>Digest access authentication is vulnerable to a <a href="/facts/Man-in-the-middle_attack/dx4cojdz">man-in-the-middle (MITM) attack</a>. For example, a MITM attacker could tell clients to use basic access authentication or legacy RFC2069 digest access authentication mode. To extend this further, digest access authentication provides no mechanism for clients to verify the server's identity</li> <li>A server can store HA1 = MD5(username:realm:password) instead of the password itself. However, if the stored HA1 is leaked, an attacker can generate valid responses and access documents in the realm just as easily as if they had access to the password itself. The table of HA1 values must therefore be protected as securely as a file containing plaintext passwords.<a class="footnote-ref" id="fnref:12" href="#fn:12"><sup>12</sup></a></li> <li>Digest access authentication prevents the use of a strong password hash (such as <a href="/facts/Bcrypt/2hWjME4U">bcrypt</a>) when storing passwords (since either the password, or the digested username, realm and password must be recoverable)</li></ul> <p>Also, since the <a href="/facts/MD5/8WIXb9Dq">MD5 algorithm</a> is not allowed in <a href="/facts/FIPS_140-2/xCKhMHnK">FIPS</a>, HTTP Digest authentication will not work with FIPS-certified<a class="footnote-ref" id="fnref:13" href="#fn:13"><sup>13</sup></a> crypto modules. </p> <h3>Alternative authentication protocols</h3> <p>By far the most common approach is to use a HTTP+HTML form-based authentication cleartext protocol, or more rarely <a href="/facts/Basic_access_authentication/9N7Q1AYy">Basic access authentication</a>. These weak cleartext protocols used together with <a href="/facts/HTTPS/MSWYz4zo">HTTPS</a> network encryption resolve many of the threats that digest access authentication is designed to prevent. However, this use of HTTPS relies upon the end user to accurately validate that they are accessing the correct URL each time to prevent sending their password to an untrusted server, which results in <a href="/facts/Phishing/hvgfz4U8">phishing</a> attacks. Users often fail to do this, which is why phishing has become the most common form of security breach. </p><p>Some strong authentication protocols for web-based applications that are occasionally used include: </p> <ul><li><a href="/facts/Public_key/gowoFTxS">Public key</a> authentication (usually implemented with a <a href="/facts/HTTPS/MSWYz4zo">HTTPS</a> / <a href="/facts/Secure_Sockets_Layer/pGy16TnA">SSL</a> <a href="/facts/Client_certificate/6w3cM2AV">client certificate</a>) using a client certificate.</li> <li><a href="/facts/Kerberos_(protocol)/RMXs3P1w">Kerberos</a> or <a href="/facts/SPNEGO/Btqy4ffy">SPNEGO</a> authentication, employed for example by <a href="/facts/Microsoft_IIS/nqmfJr3T">Microsoft IIS</a> running configured for <a href="/facts/Integrated_Windows_Authentication/sz1UhdaV">Integrated Windows Authentication</a> (IWA).</li> <li><a href="/facts/Secure_Remote_Password_protocol/xznfeN8v">Secure Remote Password protocol</a> (preferably within the <a href="/facts/HTTPS/MSWYz4zo">HTTPS</a> / <a href="/facts/Transport_Layer_Security/pGy16TnA">TLS</a> layer). However, this is not implemented by any mainstream browsers.</li> <li><a href="/facts/JSON_Web_Token/jfuUc1hv">JSON Web Token</a> (JWT) is a <a href="/facts/JSON/bs1rUAhd">JSON</a>-based standard RFC 7519 for creating <a href="/facts/Access_token/nsfEanhM">access tokens</a> that assert some number of claims.</li></ul> <h2 id="example-with-explanation">Example with explanation</h2> <p>The following example was originally given in RFC 2617 and is expanded here to show the full text expected for each <a href="/facts/HTTP_request/TWtvf7JD">request</a> and <a href="/facts/HTTP_response/TWtvf7JD">response</a>. Note that only the "auth" (authentication) quality of protection code is covered – as of April 2005<a href="https://en.wikipedia.org/w/index.php?title=Digest_access_authentication&action=edit">[update]</a>, only the <a href="/facts/Opera_(web_browser)/2NYCcTj1">Opera</a> and <a href="/facts/Konqueror/qWCwNfur">Konqueror</a> web browsers are known to support "auth-int" (authentication with integrity protection). Although the specification mentions HTTP version 1.1, the scheme can be successfully added to a version 1.0 server, as shown here. </p><p>This typical transaction consists of the following steps: </p> <ol><li>The client asks for a page that requires authentication but does not provide a username and password.<a class="footnote-ref" id="fnref:14" href="#fn:14"><sup>14</sup></a> Typically this is because the user simply entered the address or followed a link to the page.</li> <li>The server responds with the <a href="/facts/HTTP_401/nTtX2f6r">401 "Unauthorized"</a> response code, providing the authentication realm and a randomly generated, single-use value called a <i><a href="/facts/Cryptographic_nonce/ENHRCGnw">nonce</a></i>.</li> <li>At this point, the browser will present the authentication realm (typically a description of the computer or system being accessed) to the user and prompt for a username and password. The user may decide to cancel at this point.</li> <li>Once a username and password have been supplied, the client re-sends the same request but adds an authentication header that includes the response code.</li> <li>In this example, the server accepts the authentication and the page is returned. If the username is invalid and/or the password is incorrect, the server might return the "401" response code and the client would prompt the user again.</li></ol> Client request (no authentication) GET /dir/index.html HTTP/1.0 Host: localhost <p>(followed by a <a href="/facts/Newline/ffeJz4Nn">new line</a>, in the form of a <a href="/facts/Carriage_return/R79IhpPr">carriage return</a> followed by a <a href="/facts/Line_feed/ffeJz4Nn">line feed</a>).<a class="footnote-ref" id="fnref:15" href="#fn:15"><sup>15</sup></a> </p> Server response HTTP/1.0 401 Unauthorized Server: HTTPd/0.9 Date: Sun, 10 Apr 2014 20:26:47 GMT WWW-Authenticate: Digest realm="testrealm@host.com", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41" Content-Type: text/html Content-Length: 153 <!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <title>Error</title> </head> <body> <h1>401 Unauthorized.</h1> </body> </html> Client request (username "Mufasa", password "Circle Of Life") GET /dir/index.html HTTP/1.0 Host: localhost Authorization: Digest username="Mufasa", realm="testrealm@host.com", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41" <p>(followed by a blank line, as before). </p> Server response HTTP/1.0 200 OK Server: HTTPd/0.9 Date: Sun, 10 Apr 2005 20:27:03 GMT Content-Type: text/html Content-Length: 7984 <p>(followed by a blank line and HTML text of the restricted page). </p> <p>The "response" value is calculated in three steps, as follows. Where values are combined, they are <a href="/facts/Delimiter/wRAQxIKV">delimited</a> by colons. </p> <ol><li>The MD5 hash of the combined username, authentication realm and password is calculated. The result is referred to as HA1.</li> <li>The MD5 hash of the combined method and digest <a href="/facts/Uniform_Resource_Identifier/UjyqxTpA">URI</a> is calculated, e.g. of "GET" and "/dir/index.html". The result is referred to as HA2.</li> <li>The MD5 hash of the combined HA1 result, server nonce (nonce), request counter (nc), client nonce (cnonce), quality of protection code (qop) and HA2 result is calculated. The result is the "response" value provided by the client.</li></ol> <p>Since the server has the same information as the client, the response can be checked by performing the same calculation. In the example given above the result is formed as follows, where MD5() represents a function used to calculate an <a href="/facts/MD5_hash/8WIXb9Dq">MD5 hash</a>, backslashes represent a continuation and the quotes shown are not used in the calculation. </p><p>Completing the example given in RFC 2617 gives the following results for each step. </p> HA1 = MD5( "Mufasa:testrealm@host.com:Circle Of Life" ) = 939e7578ed9e3c518a452acee763bce9 HA2 = MD5( "GET:/dir/index.html" ) = 39aff3a2bab6126f332b942af96d3366 Response = MD5( "939e7578ed9e3c518a452acee763bce9:\ dcd98b7102dd2f0e8b11d0f600bfb0c093:\ 00000001:0a4f113b:auth:\ 39aff3a2bab6126f332b942af96d3366" ) = 6629fae49393a05397450978507c4ef1 <p>At this point the client may make another request, reusing the server nonce value (the server only issues a new nonce for each <a href="/facts/HTTP_401/nTtX2f6r">"401" response</a>) but providing a new client nonce (cnonce). For subsequent requests, the hexadecimal request counter (nc) must be greater than the last value it used – otherwise an attacker could simply "<a href="/facts/Replay_attack/IpKW2kvf">replay</a>" an old request with the same credentials. It is up to the server to ensure that the counter increases for each of the nonce values that it has issued, rejecting any bad requests appropriately. Obviously changing the method, URI and/or counter value will result in a different response value. </p><p>The server should remember nonce values that it has recently generated. It may also remember when each nonce value was issued, expiring them after a certain amount of time. If an expired value is used, the server should respond with the "401" status code and add stale=TRUE to the authentication header, indicating that the client should re-send with the new nonce provided, without prompting the user for another username and password. </p><p>The server does not need to keep any expired nonce values – it can simply assume that any unrecognised values have expired. It is also possible for the server to only allow each nonce value to be returned once, although this forces the client to repeat every request. Note that expiring a server nonce immediately will not work, as the client would never get a chance to use it. </p> <h2 id="the-htdigest-file">The .htdigest file</h2> <p>.htdigest is a <a href="/facts/Flat_file_database/aNeNVE3h">flat-file</a> used to store usernames, realm and passwords for digest authentication of <a href="/facts/Apache_HTTP_Server/tcmWYYUq">Apache HTTP Server</a>. The name of the file is given in the <a href="/facts/.htaccess/XRjSaQJr">.htaccess</a> configuration, and can be anything, but ".htdigest" is the canonical name. The file name starts with a dot, because most <a href="/facts/Unix-like/YAKrAxzd">Unix-like</a> operating systems consider any file that begins with dot to be hidden. This file is often maintained with the <a href="/facts/Shell_(computing)/Sa67elS7">shell</a> command "htdigest" which can add, and update users, and will properly encode the password for use. </p><p>The "htdigest" command is found in the apache2-utils package on <a href="/facts/Dpkg/p1CzTSF8">dpkg</a> package management systems and the httpd-tools package on <a href="/facts/RPM_Package_Manager/msKjb8FW">RPM package management</a> systems. </p><p>The syntax of the htdigest command:<a class="footnote-ref" id="fnref:16" href="#fn:16"><sup>16</sup></a> </p> htdigest [ -c ] <i>passwdfile realm username</i> <p>The format of the .htdigest file:<a class="footnote-ref" id="fnref:17" href="#fn:17"><sup>17</sup></a> </p> user1:Realm:5ea41921c65387d904834f8403185412 user2:Realm:734418f1e487083dc153890208b79379 <h2 id="sip-digest-authentication">SIP digest authentication</h2> <p><a href="/facts/Session_Initiation_Protocol/cbjUoNqP">Session Initiation Protocol</a> (SIP) uses basically the same digest authentication algorithm. It is specified by RFC 3261. </p> <h2 id="browser-implementation">Browser implementation</h2> <p>Most browsers have substantially implemented the spec, some barring certain features such as auth-int checking or the MD5-sess algorithm. If the server requires that these optional features be handled, clients may not be able to authenticate (though note mod_auth_digest for Apache does not fully implement RFC 2617 either). </p> <ul><li><a href="/facts/Amaya_(web_browser)/uBBEQvSF">Amaya</a></li> <li><a href="/facts/Gecko_(layout_engine)/HXINMkgW">Gecko</a>-based: (not including auth-int<a class="footnote-ref" id="fnref:18" href="#fn:18"><sup>18</sup></a>) <ul><li><a href="/facts/Mozilla_Application_Suite/XbBP7wRE">Mozilla Application Suite</a></li> <li><a href="/facts/Mozilla_Firefox/xez2zv8H">Mozilla Firefox</a></li> <li><a href="/facts/Netscape_(version_7)/2zFu761E">Netscape 7+</a></li></ul></li> <li><a href="/facts/ICab/1pLeNcaT">iCab 3.0.3+</a></li> <li><a href="/facts/KHTML/o8uwkSAd">KHTML</a>- and <a href="/facts/WebKit/YrP9vbIj">WebKit</a>-based: (not including auth-int<a class="footnote-ref" id="fnref:19" href="#fn:19"><sup>19</sup></a>) <ul><li><a href="/facts/ICab/1pLeNcaT">iCab</a> 4</li> <li><a href="/facts/Konqueror/qWCwNfur">Konqueror</a></li> <li><a href="/facts/Google_Chrome/4INfWq37">Google Chrome</a></li> <li><a href="/facts/Safari_(web_browser)/9R8v7tNl">Safari</a></li></ul></li> <li><a href="/facts/Tasman_(layout_engine)/wufTHgpB">Tasman</a>-based: <ul><li><a href="/facts/Internet_Explorer_for_Mac/5UFTCbja">Internet Explorer for Mac</a></li></ul></li> <li><a href="/facts/Trident_(layout_engine)/pwBEAjzj">Trident</a>-based: <ul><li><a href="/facts/Internet_Explorer_5/HaSYzQEg">Internet Explorer 5+</a><a class="footnote-ref" id="fnref:20" href="#fn:20"><sup>20</sup></a> (not including auth-int)</li></ul></li> <li><a href="/facts/Presto_(layout_engine)/Am1arukL">Presto</a>-based: <ul><li><a href="/facts/Opera_(web_browser)/2NYCcTj1">Opera</a> (Opera switched away from Presto in 2013)<a class="footnote-ref" id="fnref:21" href="#fn:21"><sup>21</sup></a></li> <li><a href="/facts/Opera_Mobile/Krf60hAP">Opera Mobile</a></li> <li><a href="/facts/Opera_Mini/SR3AB9up">Opera Mini</a></li> <li><a href="/facts/Nintendo_DS_Browser/w1ldT44l">Nintendo DS Browser</a></li> <li><a href="/facts/Nokia_770/VwhybAQ3">Nokia 770</a> Browser</li> <li><a href="/facts/Mylo_(Sony)/1rvx2qz1">Sony Mylo 1</a>'s Browser</li> <li><a href="/facts/Wii_browser/TltHn2kK">Wii Internet Channel Browser</a></li></ul></li></ul> <h2 id="deprecations">Deprecations</h2> <p>Because of the disadvantages of Digest authentication compared to Basic authentication over HTTPS it has been deprecated by a lot of software e.g.: </p> <ul><li>Bitbucket<a class="footnote-ref" id="fnref:22" href="#fn:22"><sup>22</sup></a></li> <li>Symfony PHP framework<a class="footnote-ref" id="fnref:23" href="#fn:23"><sup>23</sup></a></li></ul> <h2 id="see-also">See also</h2> <ul><li><a href="/facts/AKA_(security)/foCkqkB4">AKA (security)</a></li> <li><a href="/facts/JSON_Web_Token/jfuUc1hv">JSON Web Token</a> (JWT)</li> <li><a href="/facts/Basic_access_authentication/9N7Q1AYy">Basic access authentication</a></li> <li>HTTP+HTML form-based authentication</li></ul> <h2 id="notes">Notes</h2> <h2 id="external-links">External links</h2> <ul><li><a href="https://datatracker.ietf.org/doc/html/rfc7235">RFC 7235</a></li> <li><a href="https://datatracker.ietf.org/doc/html/rfc6331">RFC 6331</a></li> <li><a href="https://datatracker.ietf.org/doc/html/rfc2617">RFC 2617</a> (updated by RFC 7235)</li> <li><a href="https://datatracker.ietf.org/doc/html/rfc2069">RFC 2069</a> (obsolete)</li></ul> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>Moving DIGEST-MD5 to Historic, July 2011. <a href="https://datatracker.ietf.org/doc/html/rfc6331" target="_blank">https://datatracker.ietf.org/doc/html/rfc6331</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>"Bug 472823: SHA 256 Digest Authentication". Mozilla Bugzilla. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=472823" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=472823</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>"Issue 1160478: SHA-256 for HTTP Digest Access Authentication in accordance with rfc7616". Chromium bugs. <a href="https://bugs.chromium.org/p/chromium/issues/detail?id=1160478" target="_blank">https://bugs.chromium.org/p/chromium/issues/detail?id=1160478</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>"Bug 472823: SHA 256 Digest Authentication". Mozilla Bugzilla. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=472823" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=472823</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>"IETF.org: RFC 7616 Username Hashing". Ietf Datatracker. 30 September 2015. <a href="https://datatracker.ietf.org/doc/html/rfc7616#section-3.4.4" target="_blank">https://datatracker.ietf.org/doc/html/rfc7616#section-3.4.4</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>"Mozilla-central: support SHA-256 HTTP Digest auth". Mozilla-central. <a href="https://hg.mozilla.org/mozilla-central/rev/7a4994734e00" target="_blank">https://hg.mozilla.org/mozilla-central/rev/7a4994734e00</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> <li id="fn:7"><p>"Chrome Feature: RFC 7616 Digest auth: Support SHA-256 and username hashing". <a href="https://chromestatus.com/feature/5139896267702272?context=myfeatures" target="_blank">https://chromestatus.com/feature/5139896267702272?context=myfeatures</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></p></li> <li id="fn:8"><p>List of rainbow tables, Project Rainbowcrack. Includes multiple MD5 rainbow tables. <a href="http://project-rainbowcrack.com/table.htm" target="_blank">http://project-rainbowcrack.com/table.htm</a> <a href="#fnref:8" class="footnote-back-ref">↩</a></p></li> <li id="fn:9"><p>"Hash Collision Q&A". Cryptography Research. 2005-02-16. Archived from the original on 2010-03-06.[better source needed] <a href="https://web.archive.org/web/20100306180648/http://www.cryptography.com/cnews/hash.html" target="_blank">https://web.archive.org/web/20100306180648/http://www.cryptography.com/cnews/hash.html</a> <a href="#fnref:9" class="footnote-back-ref">↩</a></p></li> <li id="fn:10"><p>Jongsung Kim; Alex Biryukov; Bart Preneel; Seokhie Hong. "On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1" (PDF). IACR. <a href="https://eprint.iacr.org/2006/187.pdf" target="_blank">https://eprint.iacr.org/2006/187.pdf</a> <a href="#fnref:10" class="footnote-back-ref">↩</a></p></li> <li id="fn:11"><p>Scott Stark (2005-10-08). "DIGEST Authentication (4.0.4+)". JBoss. Archived from the original on 2015-10-18. Retrieved 2013-03-04. <a href="https://web.archive.org/web/20151018155102/https://community.jboss.org/wiki/DIGESTAuth" target="_blank">https://web.archive.org/web/20151018155102/https://community.jboss.org/wiki/DIGESTAuth</a> <a href="#fnref:11" class="footnote-back-ref">↩</a></p></li> <li id="fn:12"><p>Franks, J.; Hallam-Baker, P.; Hostetler, J.; Lawrence, S.; Leach, P.; Luotonen, A.; Stewart, L. (June 1999). "HTTP Authentication: Basic and Digest Access Authentication: Storing passwords". IETF. doi:10.17487/RFC2617. S2CID 27137261. {{cite journal}}: Cite journal requires |journal= (help) <a href="https://tools.ietf.org/html/rfc2617#section-4.13" target="_blank">https://tools.ietf.org/html/rfc2617#section-4.13</a> <a href="#fnref:12" class="footnote-back-ref">↩</a></p></li> <li id="fn:13"><p>The following is a list of FIPS approved algorithms: "Annex A: Approved Security Functions for FIPS PUB 140-2, Security Requirements for Cryptographic Modules" (PDF). National Institute of Standards and Technology. January 31, 2014. <a href="http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf" target="_blank">http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf</a> <a href="#fnref:13" class="footnote-back-ref">↩</a></p></li> <li id="fn:14"><p>A client may already have the required username and password without needing to prompt the user, e.g. if they have previously been stored by a web browser. <a href="#fnref:14" class="footnote-back-ref">↩</a></p></li> <li id="fn:15"><p>Tim Berners-Lee, Roy Fielding, Henrik Frystyk Nielsen (1996-02-19). "Hypertext Transfer Protocol -- HTTP/1.0: Request". W3C.{{cite web}}: CS1 maint: multiple names: authors list (link) <a href="/wiki/Tim_Berners-Lee" target="_blank">/wiki/Tim_Berners-Lee</a> <a href="#fnref:15" class="footnote-back-ref">↩</a></p></li> <li id="fn:16"><p>"htdigest - manage user files for digest authentication". apache.org. <a href="https://httpd.apache.org/docs/2.2/programs/htdigest.html" target="_blank">https://httpd.apache.org/docs/2.2/programs/htdigest.html</a> <a href="#fnref:16" class="footnote-back-ref">↩</a></p></li> <li id="fn:17"><p>"htdigest - manage user files for digest authentication". apache.org. <a href="https://httpd.apache.org/docs/2.2/programs/htdigest.html" target="_blank">https://httpd.apache.org/docs/2.2/programs/htdigest.html</a> <a href="#fnref:17" class="footnote-back-ref">↩</a></p></li> <li id="fn:18"><p>Emanuel Corthay (2002-09-16). "Bug 168942 - Digest authentication with integrity protection". Mozilla. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=168942" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=168942</a> <a href="#fnref:18" class="footnote-back-ref">↩</a></p></li> <li id="fn:19"><p>Timothy D. Morgan (2010-01-05). "HTTP Digest Integrity: Another look, in light of recent attacks" (PDF). vsecurity.com. Archived from the original (PDF) on 2014-07-14. <a href="https://web.archive.org/web/20140714192236/https://secure.vsecurity.com/download/papers/HTTPDigestIntegrity.pdf" target="_blank">https://web.archive.org/web/20140714192236/https://secure.vsecurity.com/download/papers/HTTPDigestIntegrity.pdf</a> <a href="#fnref:19" class="footnote-back-ref">↩</a></p></li> <li id="fn:20"><p>"TechNet Digest Authentication". August 2013. <a href="https://technet.microsoft.com/en-us/library/cc738318(v=ws.10).aspx" target="_blank">https://technet.microsoft.com/en-us/library/cc738318(v=ws.10).aspx</a> <a href="#fnref:20" class="footnote-back-ref">↩</a></p></li> <li id="fn:21"><p>Anthony, Sebastian (February 13, 2013). "Opera admits defeat, switches to Google's Chromium". Extreme Tech. Ziff Davis. Retrieved 19 January 2024. <a href="https://www.extremetech.com/computing/148312-opera-drops-presto-switch-to-google-and-apples-webkit-rendering-engine" target="_blank">https://www.extremetech.com/computing/148312-opera-drops-presto-switch-to-google-and-apples-webkit-rendering-engine</a> <a href="#fnref:21" class="footnote-back-ref">↩</a></p></li> <li id="fn:22"><p>DeLorenzo, Ike (2015-04-03). "Fare-thee-well, Digest access authentication". Bitbucet. Archived from the original on 2024-04-23. Retrieved 2025-01-21. <a href="https://web.archive.org/web/20240423145906/https://bitbucket.org/blog/fare-thee-well-digest-access-authentication" target="_blank">https://web.archive.org/web/20240423145906/https://bitbucket.org/blog/fare-thee-well-digest-access-authentication</a> <a href="#fnref:22" class="footnote-back-ref">↩</a></p></li> <li id="fn:23"><p>"[RFC] Deprecate HTTP Digest authentication · Issue #24325 · symfony/symfony". GitHub. Archived from the original on 2023-10-12. Retrieved 2025-01-21. <a href="https://web.archive.org/web/20231012074234/https://github.com/symfony/symfony/issues/24325" target="_blank">https://web.archive.org/web/20231012074234/https://github.com/symfony/symfony/issues/24325</a> <a href="#fnref:23" class="footnote-back-ref">↩</a></p></li> </ol>