Digest Authentication

Digest authentication is a proposed authentication scheme for HTTP. It is intended to replace the Basic authentication scheme. The primary advantage of Digest authentication is that passwords are never transmitted across the internet in unencrypted form. A second advantage is that the integrity of the URL data is certified. This means, for example, that the integrity of form information sent using the GET method is certified.

Here is a copy of the internet draft for this protocol.

Here are the source files of a Digest prototype for the WN server. The files wndigest.c, wndigest.h and Makefile are in the public domain. The files md5c.c, md5.h, and global.h are copyright RSA Data Security, Inc. (see the top of each file for licensing restrictions). The files listed below are intended for casual perusal and will not run as a useful standalone program as it is a module for use with the WN server. To run this software you should get the latest version of the WN package which contains everything that is here. However, this software should be easily modifiable for use with other servers.

This is a link to a document protected by Digest authentication. It can be accessed if you have a client supporting Digest authentication by using username: "Mufasa" and password: "CircleOfLife".

John Franks
john@math.nwu.edu