 

How does digest authentication prevent replay attacks?

I found many questions on Stack Overflow which mention digest authentication. I could not find how digest authentication prevents replay attacks. I use the Fiddler tool to intercept the HTTP requests to the servers. I used the same tool for replaying the requests to the server, but the server asked for authentication.

I need to understand exactly how prevention of replay attacks is achieved. How is the server able to detect any replay of HTTP requests?

Any links/resources would be appreciated.

Anand Patel asked Oct 28 '25 23:10



1 Answer

Digest authentication prevents replay attacks by using a server-specified nonce. The server generates a random nonce when the client attempts to make an unauthenticated request, and the client has to incorporate the nonce into its response. It's up to the server to manage valid nonces, and invalidate them when they've been used, to prevent replays.

Nick Johnson answered Oct 31 '25 00:10

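Worked example added here to illustrate the answer above; it is not code from the answer or from any HTTP library. It models a toy in-memory server that issues a nonce, verifies the RFC 2617 `qop=auth` response hash, and goes slightly beyond the answer by also tracking the nonce-count (`nc`) field, so the legitimate client can keep using one nonce while a captured request replayed byte-for-byte (as with Fiddler) is rejected. Realm, user store and request line are constructed sample values.

```python
import hashlib
import secrets

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, password, realm, method, uri, nonce, nc, cnonce):
    """Client side of RFC 2617 with qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class DigestServer:  # toy verifier: refuses any (nonce, nc) pair it has already accepted
    def __init__(self, realm, users):
        self.realm = realm
        self.users = users      # constructed sample store: username -> password
        self.nonces = {}        # nonce -> highest nonce-count accepted so far

    def challenge(self):
        nonce = secrets.token_hex(16)   # fresh random nonce for each 401 challenge
        self.nonces[nonce] = 0
        return nonce

    def verify(self, method, uri, user, nonce, nc, cnonce, response):
        if nonce not in self.nonces:
            return False                    # never issued (or already invalidated)
        if int(nc, 16) <= self.nonces[nonce]:
            return False                    # replay: nc must strictly increase per nonce
        password = self.users.get(user)
        if password is None:
            return False
        expected = digest_response(user, password, self.realm, method, uri, nonce, nc, cnonce)
        if not secrets.compare_digest(expected, response):
            return False                    # wrong credentials or altered method/URI
        self.nonces[nonce] = int(nc, 16)    # remember what has been consumed
        return True

def demo():
    """Returns (first request accepted, identical replay accepted, re-signed follow-up accepted)."""
    server = DigestServer("example", {"alice": "s3cret"})
    nonce = server.challenge()
    c1 = secrets.token_hex(8)
    r1 = digest_response("alice", "s3cret", "example", "GET", "/api", nonce, "00000001", c1)
    first = server.verify("GET", "/api", "alice", nonce, "00000001", c1, r1)
    replay = server.verify("GET", "/api", "alice", nonce, "00000001", c1, r1)  # captured copy
    c2 = secrets.token_hex(8)
    r2 = digest_response("alice", "s3cret", "example", "GET", "/api", nonce, "00000002", c2)
    second = server.verify("GET", "/api", "alice", nonce, "00000002", c2, r2)
    return first, replay, second
```

A real server would additionally expire nonces after a short lifetime and return `stale=true` so the client re-signs with a fresh one; this toy keeps them forever in memory.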