Digest Authentication

Digest authentication is a proposed authentication scheme for HTTP. It is intended to replace the Basic authentication scheme. The primary advantage of Digest authentication is that passwords are never transmitted across the internet in unencrypted form. A second advantage is that the integrity of the URL data is certified. This means, for example, that the integrity of form information sent using the GET method is certified.

Here is a copy of the internet draft for this protocol.

Here are the source files of a Digest prototype for the WN server. The files wndigest.c and wndigest.h are in the public domain.

File README
File wndigest.c
File wndigest.h
File md5c.c
File mddriver.c
File md5.h
File global.h
File Makefile
Perl script to generate random data

This is a link to a document protected by Digest authentication. It can be accessed if you have a client supporting Digest authentication by using username: "Mufasa" and password: "CircleOfLife". No versions of Netscape will work because Digest Authentication is not (yet?) supported by Netscape.

John Franks
john@math.nwu.edu