lör 2006-04-15 klockan 12:03 +1000 skrev Paul Matthews: > Just a quick question, whats the difference between digest authentication > and basic authentication? A lot.. If you are familiar with PPP the following analogues can be made basic -> PAP, or plain text password exchange. digest -> CHAP, or reasonably secure one-time hash exchanges There is also the same integration issues. As Digest never sends the password the server has very strict requirements on how it can verify the validity of the password. To be able to verify the request the server needs access to either the users plain-text password or a Digest H(A1) hash of the password. Similar but slightly different from the requirements of PPP CHAP authentication.. but there is a lot more to Digest than what is shown on this brief explanation. However, the more fancy things like integrity protection only applies to web servers, not proxies. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
