HTTP Digest is a mechanism that improves on the basic authentication process in the HTTP protocol. MD5 is normally used to hash the user information, key, and realm, although other algorithms, such as the different SHA variants, can also be used to improve security. In Apache web servers it is implemented by the mod_auth_digest module and the htdigest utility.
To send a response that grants access to a protected resource, the client computes:
- Hash1 = MD5("user:realm:password")
- Hash2 = MD5("HTTP-Method:URI")
- response = MD5(Hash1:Nonce:Hash2)
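The three steps above, together with the check a server makes from an htdigest-style entry (`user:realm:Hash1`), as an added Python example that is not code from the original page. It covers only the form shown here (no `qop` or client nonce), joins method and URI with a colon as RFC 2617 defines, and uses a constructed user, realm, password and nonce.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def hash1(user: str, realm: str, password: str) -> str:
    return md5_hex(f"{user}:{realm}:{password}")


def htdigest_line(user: str, realm: str, password: str) -> str:
    """One password-file entry: user:realm:Hash1 (no cleartext password stored)."""
    return f"{user}:{realm}:{hash1(user, realm, password)}"


def client_response(user, realm, password, method, uri, nonce) -> str:
    h1 = hash1(user, realm, password)        # Hash1
    h2 = md5_hex(f"{method}:{uri}")          # Hash2
    return md5_hex(f"{h1}:{nonce}:{h2}")     # response


def server_verify(stored_line, method, uri, issued_nonce, response) -> bool:
    """Recompute the response from the stored Hash1 and the nonce the server issued."""
    h1 = stored_line.rsplit(":", 1)[1]       # the hash is the last field
    h2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{h1}:{issued_nonce}:{h2}")
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, response)


# Constructed sample values, for illustration only.
USER, REALM, PASSWORD = "alice", "example-realm", "correct horse"
STORED = htdigest_line(USER, REALM, PASSWORD)
NONCE = "5f2a9c0e7b41d683"

if __name__ == "__main__":
    resp = client_response(USER, REALM, PASSWORD, "GET", "/private/", NONCE)
    print("stored entry :", STORED)
    print("response     :", resp)
    print("valid        :", server_verify(STORED, "GET", "/private/", NONCE, resp))
    # The same response is rejected once the server issues a different nonce.
    print("replayed     :", server_verify(STORED, "GET", "/private/", "another-nonce", resp))
```

Because the server verifies with the stored Hash1 alone, that value is password-equivalent for its realm and the password file needs the same protection as cleartext credentials.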
Digest-based access authentication extends basic-access authentication by using a one-way hashing cryptographic algorithm (MD5) to first encrypt ...