Menu
What is the difference between Digest and Basic Authentication ?
790
Digest authentication has many similarities to basic authentication, but it overcomes some of the problems. Digest authentication does not send usernames or passwords over the network. It is more secure than basic authentication, but it requires more planning to make it work.
Digest Access Authentication is a way for service providers to verify a person's credentials by using a web browser. Specifically, digest access authentication uses the HTTP protocol, applying MD5 cryptographic hashing and a nonce value to prevent replay attacks.
Unlike Basic Auth, where you have to share your password with people who need to access your user account, OAuth doesn't share password data. Instead, OAuth uses authorization tokens to verify an identity between consumers and service providers.
Basic authentication works by prompting a Web site visitor for a username and password. This method is widely used because most browsers and Web servers support it.
Digest Authentication communicates credentials in an encrypted form by applying a hash function to: the username, the password, a server supplied nonce value, the HTTP method and the requested URI.
Whereas Basic Authentication uses non-encrypted base64 encoding.
Therefore, Basic Authentication should generally only be used where transport layer security is provided such as https.
See RFC-2617 for all the gory details.
255
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
