Digest Calculations
The heart of digest authentication is the one-way digest of the mix of public information, secret information, and a time-limited nonce value. Let’s look now at how the digests are computed. The digest calculations generally are straightforward.[10] Sample source code is provided in Appendix F.
Digest Algorithm Input Data
Digests are computed from three components:
A pair of functions consisting of a one-way hash function H(d) and digest KD(s,d), where s stands for secret and d stands for data
A chunk of data containing security information, including the secret password, called A1
A chunk of data containing nonsecret attributes of the request message, called A2
The two pieces of data, A1 and A2, are processed by H and KD to yield a digest.
The Algorithms H(d) and KD(s,d)
Digest authentication supports the selection of a variety of digest algorithms. The two algorithms suggested in RFC 2617 are MD5 and MD5-sess (where “sess” stands for session), and the algorithm defaults to MD5 if no other algorithm is specified.
If either MD5 or MD5-sess is used, the H function computes the MD5 of the data, and the KD digest function computes the MD5 of the colon-joined secret and nonsecret data. In other words:
H(<data>) = MD5(<data>) KD(<secret>,<data>) = H(concatenate(<secret>:<data>))
The Security-Related Data (A1)
The chunk of data called A1 is a product of secret and protection information, such as the username, password, protection realm, and nonces. A1 pertains only ...
Get HTTP: The Definitive Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
