RFC relevance of password

As per Relevance of the word password, we have this rfc below:

Network Working Group J.
Request for Comments: 2069 Northwestern
Category: Standards Track P. Hallam-

J.
Spyglass, Inc
P.
Microsoft
A.
Netscape Communications
E.
Spyglass, Inc
L.
Open Market, Inc
January 1997

An Extension to HTTP : Digest Access

Status of this

This document specifies an Internet standards track protocol for
Internet community, and requests discussion and suggestions
improvements. Please refer to the current edition of the "
Official Protocol Standards" (STD 1) for the standardization
and status of this protocol. Distribution of this memo is unlimited

The protocol referred to as "HTTP/1.0" includes the specification
a Basic Access Authentication scheme. This scheme is not
to be a secure method of user authentication, as the user name
password are passed over the network as clear text. A
for a different authentication scheme is needed to address
severe limitation. This document provides specification for such
scheme, referred to as "Digest Access Authentication". Like Basic
Digest access authentication verifies that both parties to
communication know a shared secret (a password); unlike Basic,
verification can be done without sending the password in the clear
which is Basic's biggest weakness. As with most other
protocols, the greatest sources of risks are usually found not in
core protocol itself but in policies and procedures surrounding
use

Franks, et. al. Standards Track [Page 1]

RFC 2069 Ditigal Access Authentication January 1997

Table of

INTRODUCTION...................................................... 2
1.1 PURPOSE .................................................... 2
1.2 OVERALL OPERATION .......................................... 3
1.3 REPRESENTATION OF DIGEST VALUES ............................ 3
1.4 LIMITATIONS ................................................ 3
2. DIGEST ACCESS AUTHENTICATION SCHEME............................ 3
2.1 SPECIFICATION OF DIGEST HEADERS ............................. 3
2.1.1 THE WWW-AUTHENTICATE RESPONSE HEADER ..................... 4
2.1.2 THE AUTHORIZATION REQUEST HEADER ......................... 6
2.1.3 THE AUTHENTICATION-INFO HEADER ........................... 9
2.2 DIGEST OPERATION ............................................ 10
2.3 SECURITY PROTOCOL NEGOTIATION ............................... 10
2.4 EXAMPLE ..................................................... 11
2.5 PROXY-AUTHENTICATION AND PROXY-AUTHORIZATION ................ 11
3. SECURITY CONSIDERATIONS........................................ 12
3.1 COMPARISON WITH BASIC AUTHENTICATION ........................ 13
3.2 REPLAY ATTACKS .............................................. 13
3.3 MAN IN THE MIDDLE ........................................... 14
3.4 SPOOFING BY COUNTERFEIT SERVERS ............................. 15
3.5 STORING PASSWORDS ........................................... 15
3.6 SUMMARY ..................................................... 16
4. ACKNOWLEDGMENTS............................................... 16
5. REFERENCES..................................................... 16
6. AUTHORS' ADDRESSES............................................. 17

1.1

The protocol referred to as "HTTP/1.0" includes specification for
Basic Access Authentication scheme[1]. This scheme is not
to be a secure method of user authentication, as the user name
password are passed over the network in an unencrypted form.
specification for a new authentication scheme is needed for
versions of the HTTP protocol. This document provides
for such a scheme, referred to as "Digest Access Authentication".

The Digest Access Authentication scheme is not intended to be
complete answer to the need for security in the World Wide Web.
scheme provides no encryption of object content. The intent is
to create a weak access authentication method which avoids the
serious flaws of Basic authentication

It is proposed that this access authentication scheme be included
the proposed HTTP/1.1 specification

Franks, et. al. Standards Track [Page 2]

RFC 2069 Ditigal Access Authentication January 1997

1.2 Overall

Like Basic Access Authentication, the Digest scheme is based on
simple challenge-response paradigm. The Digest scheme
using a nonce value. A valid response contains a checksum (
default the MD5 checksum) of the username, the password, the
nonce value, the HTTP method, and the requested URI. In this way
the password is never sent in the clear. Just as with the
scheme, the username and password must be prearranged in some
which is not addressed by this document

1.3 Representation of digest

An optional header allows the server to specify the algorithm used
create the checksum or digest. By default the MD5 algorithm is
and that is the only algorithm described in this document

For the purposes of this document, an MD5 digest of 128 bits
represented as 32 ASCII printable characters. The bits in the 128
bit digest are converted from most significant to least
bit, four bits at a time to their ASCII presentation as follows
Each four bits is represented by its familiar hexadecimal
from the characters 0123456789abcdef. That is, binary 0000
represented by the character '0', 0001, by '1', and so on up to
representation of 1111 as 'f'.

1.4

The digest authentication scheme described in this document
from many known limitations. It is intended as a replacement
basic authentication and nothing more. It is a password-based
and (on the server side) suffers from all the same problems of
password system. In particular, no provision is made in
protocol for the initial secure arrangement between user and
to establish the user's password

Users and implementors should be aware that this protocol is not
secure as kerberos, and not as secure as any client-side private-
scheme. Nevertheless it is better than nothing, better than what
commonly used with telnet and ftp, and better than
authentication

2. Digest Access Authentication

2.1 Specification of Digest

The Digest Access Authentication scheme is conceptually similar
the Basic scheme. The formats of the modified WWW-

Franks, et. al. Standards Track [Page 3]

RFC 2069 Ditigal Access Authentication January 1997

header line and the Authorization header line are specified below
using the extended BNF defined in the HTTP/1.1 specification,
2.1. In addition, a new header, Authentication-info, is specified

2.1.1 The WWW-Authenticate Response

If a server receives a request for an access-protected object, and
acceptable Authorization header is not sent, the server responds
a "401 Unauthorized" status code, and a WWW-Authenticate header
which is defined as follows

WWW-Authenticate = "WWW-Authenticate" ":" "Digest
digest-

digest-challenge = 1#( realm | [ domain ] | nonce |
[ digest-opaque ] |[ stale ] | [ algorithm ] )

realm = "realm" "=" realm-
realm-value = quoted-
domain = "domain" "=" <"> 1#URI <">
nonce = "nonce" "=" nonce-
nonce-value = quoted-
opaque = "opaque" "=" quoted-
stale = "stale" "=" ( "true" | "false" )
algorithm = "algorithm" "=" ( "MD5" | token )

The meanings of the values of the parameters used above are
follows

A string to be displayed to users so they know which username
password to use. This string should contain at least the name
the host performing the authentication and might
indicate the collection of users who might have access. An
might be "registered_users@gotham.news.com". The realm is
"quoted-string" as specified in section 2.2 of the HTTP/1.1
specification [2].

A comma-separated list of URIs, as specified for HTTP/1.0.
intent is that the client could use this information to know
set of URIs for which the same authentication information should
sent. The URIs in this list may exist on different servers.
this keyword is omitted or empty, the client should assume that
domain consists of all URIs on the responding server

Franks, et. al. Standards Track [Page 4]

RFC 2069 Ditigal Access Authentication January 1997

A server-specified data string which may be uniquely generated
time a 401 response is made. It is recommended that this string
base64 or hexadecimal data. Specifically, since the string
passed in the header lines as a quoted string, the double-
character is not allowed

The contents of the nonce are implementation dependent.
quality of the implementation depends on a good choice.
recommended nonce would

H(client-IP ":" time-stamp ":" private-key )

Where client-IP is the dotted quad IP address of the client
the request, time-stamp is a server-generated time value, private
key is data known only to the server. With a nonce of this form
server would normally recalculate the nonce after receiving
client authentication header and reject the request if it did
match the nonce from that header. In this way the server can
the reuse of a nonce to the IP address to which it was issued
limit the time of the nonce's validity. Further discussion of
rationale for nonce construction is in section 3.2 below

An implementation might choose not to accept a previously
nonce or a previously used digest to protect against a
attack. Or, an implementation might choose to use one-time
or digests for POST or PUT requests and a time-stamp for
requests. For more details on the issues involved see section 3.
of this document

The nonce is opaque to the client

A string of data, specified by the server, which should
returned by the client unchanged. It is recommended that
string be base64 or hexadecimal data. This field is
"quoted-string" as specified in section 2.2 of the HTTP/1.1
specification [2].

A flag, indicating that the previous request from the client
rejected because the nonce value was stale. If stale is TRUE (
upper or lower case), the client may wish to simply retry
request with a new encrypted response, without reprompting
user for a new username and password. The server should only
stale to true if it receives a request for which the nonce
invalid but with a valid digest for that nonce (indicating
the client knows the correct username/password).

Franks, et. al. Standards Track [Page 5]

RFC 2069 Ditigal Access Authentication January 1997

A string indicating a pair of algorithms used to produce
digest and a checksum. If this not present it is assumed to
"MD5". In this document the string obtained by applying
digest algorithm to the data "data" with secret "secret" will
denoted by KD(secret, data), and the string obtained by
the checksum algorithm to the data "data" will be
H(data).

For the "MD5"

H(data) = MD5(data

KD(secret, data) = H(concat(secret, ":", data))

i.e., the digest is the MD5 of the secret concatenated with a
concatenated with the data

2.1.2 The Authorization Request

The client is expected to retry the request, passing an
header line, which is defined as follows

Authorization = "Authorization" ":" "Digest" digest-

digest-response = 1#( username | realm | nonce | digest-uri |
response | [ digest ] | [ algorithm ] |
opaque )

username = "username" "=" username-
username-value = quoted-
digest-uri = "uri" "=" digest-uri-
digest-uri-value = request-uri ; As specified by HTTP/1.1
response = "response" "=" response-
digest = "digest" "=" entity-

response-digest = <"> *LHEX <">
entity-digest = <"> *LHEX <">
LHEX = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" |
"8" | "9" | "a" | "b" | "c" | "d" | "e" | "f

The definitions of response-digest and entity-digest above
the encoding for their values. The following definitions show how
value is computed

Franks, et. al. Standards Track [Page 6]

RFC 2069 Ditigal Access Authentication January 1997

response-digest =
<"> < KD ( H(A1), unquoted nonce-value ":" H(A2) > <">

A1 = unquoted username-value ":" unquoted realm-
":"
password = < user's password >
A2 = Method ":" digest-uri-

The "username-value" field is a "quoted-string" as specified
section 2.2 of the HTTP/1.1 specification [2]. However,
surrounding quotation marks are removed in forming the string A1.
Thus if the Authorization header includes the

username="Mufasa", realm="myhost@testrealm.com

and the user Mufasa has password "CircleOfLife" then H(A1) would
H(Mufasa:myhost@testrealm.com:CircleOfLife) with no quotation
in the digested string

No white space is allowed in any of the strings to which the
function H() is applied unless that white space exists in the
strings or entity body whose contents make up the string to
digested. For example, the string A1 in the illustrated above
be Mufasa:myhost@testrealm.com:CircleOfLife with no white space
either side of the colons. Likewise, the other strings digested
H() must not have white space on either side of the colons
delimit their fields unless that white space was in the
strings or entity body being digested

"Method" is the HTTP request method as specified in section 5.1
[2]. The "request-uri" value is the Request-URI from the
line as specified in section 5.1 of [2]. This may be "*",
"absoluteURL" or an "abs_path" as specified in section 5.1.2 of [2],
but it MUST agree with the Request-URI. In particular, it MUST be
"absoluteURL" if the Request-URI is an "absoluteURL".

The authenticating server must assure that the document designated
the "uri" parameter is the same as the document served. The
of duplicating information from the request URL in this field is
deal with the possibility that an intermediate proxy may alter
client's request. This altered (but presumably
equivalent) request would not result in the same digest as
calculated by the client

The optional "digest" field contains a digest of the entity body
some of the associated entity headers. This digest can be useful
both request and response transactions. In a request it can
the integrity of POST data or data being PUT to the server. In

Franks, et. al. Standards Track [Page 7]

RFC 2069 Ditigal Access Authentication January 1997

response it insures the integrity of the served document. The
of the "digest" field is an which is defined
follows

entity-digest = <"> KD (H(A1), unquoted nonce-value ":" Method ":"
date ":" entity-info ":" H(entity-body)) <">
; format is <"> *LHEX <">

date = = rfc1123-date ; see section 3.3.1 of [2]
entity-info = H
digest-uri-value ":"
media-type ":" ; Content-type, see section 3.7 of [2]
*DIGIT ":" ; Content length, see 10.12 of [2]
content-coding ":" ; Content-encoding, see 3.5 of [2]
last-modified ":" ; last modified date, see 10.25 of [2]
expires ; expiration date; see 10.19 of [2]
)

last-modified = rfc1123-date ; see section 3.3.1 of [2]
expires = rfc1123-

The entity-info elements incorporate the values of the URI used
request the entity as well as the associated entity headers Content
type, Content-length, Content-encoding, Last-modified, and Expires
These headers are all end-to-end headers (see section 13.5.1 of [2])
which must not be modified by proxy caches. The "entity-body" is
specified by section 10.13 of [2] or RFC 1864.

Note that not all entities will have an associated URI or all
these headers. For example, an entity which is the data of a
request will typically not have a digest-uri-value or Last-
or Expires headers. If an entity does not have a digest-uri-value
a header corresponding to one of the entity-info fields, then
field is left empty in the computation of entity-info. All
colons specified above are present, however. For example the
of the entity-info associated with POST data which has content-
"text/plain", no content-encoding and a length of 255 bytes would
H(:text/plain:255:::). Similarly a request may not have a "Date
header. In this case the date field of the entity-digest should
empty

In the entity-info and entity-digest computations, except for
blank after the comma in "rfc1123-date", there must be no white
between "words" and "tspecials", and exactly one blank
"words" (see section 2.2 of [2]).

Franks, et. al. Standards Track [Page 8]

RFC 2069 Ditigal Access Authentication January 1997

Implementors should be aware of how authenticated
interact with proxy caches. The HTTP/1.1 protocol specifies
when a shared cache (see section 13.10 of [2]) has received a
containing an Authorization header and a response from relaying
request, it MUST NOT return that response as a reply to any
request, unless one of two Cache-control (see section 14.9 of [2])
directives was present in the response. If the original
included the "must-revalidate" Cache-control directive, the cache
use the entity of that response in replying to a subsequent request
but MUST first revalidate it with the origin server, using
request headers from the new request to allow the origin server
authenticate the new request. Alternatively, if the
response included the "public" Cache-control directive, the
entity MAY be returned in reply to any subsequent request

2.1.3 The AuthenticationInfo

When authentication succeeds, the Server may optionally provide
Authentication-info header indicating that the server wants
communicate some information regarding the successful
(such as an entity digest or a new nonce to be used for the
transaction). It has two fields, digest and nextnonce. Both
optional

AuthenticationInfo = "Authentication-info" ":"
1#( digest | nextnonce )

nextnonce = "nextnonce" "=" nonce-

digest = "digest" "=" entity-

The optional digest allows the client to verify that the body of
response has not been changed en-route. The server would
only send this when it has the document and can compute it.
server would probably not bother generating this header for
output. The value of the "digest" is an which
computed as described above

The value of the nextnonce parameter is the nonce the server
the client to use for the next authentication response. Note
either field is optional. In particular the server may send
Authentication-info header with only the nextnonce field as a
of implementing one-time nonces. If the nextnonce field is
the client is strongly encouraged to use it for the next WWW
Authenticate header. Failure of the client to do so may result in
request to re-authenticate from the server with the "stale=TRUE."

Franks, et. al. Standards Track [Page 9]

RFC 2069 Ditigal Access Authentication January 1997

2.2 Digest

Upon receiving the Authorization header, the server may check
validity by looking up its known password which corresponds to
submitted username. Then, the server must perform the same MD
operation performed by the client, and compare the result to
given response-digest

Note that the HTTP server does not actually need to know the user'
clear text password. As long as H(A1) is available to the server
the validity of an Authorization header may be verified

A client may remember the username, password and nonce values,
that future requests within the specified may include
Authorization header preemptively. The server may choose to
the old Authorization header information, even though the nonce
included might not be fresh. Alternatively, the server could return
401 response with a new nonce value, causing the client to retry
request. By specifying stale=TRUE with this response, the
hints to the client that the request should be retried with the
nonce, without reprompting the user for a new username and password

The opaque data is useful for transporting state information around
For example, a server could be responsible for authenticating
which actually sits on another server. The first 401 response
include a domain field which includes the URI on the second server
and the opaque field for specifying state information. The
will retry the request, at which time the server may respond with
301/302 redirection, pointing to the URI on the second server.
client will follow the redirection, and pass the same
header, including the data which the second server
require

As with the basic scheme, proxies must be completely transparent
the Digest access authentication scheme. That is, they must
the WWW-Authenticate, Authentication-info and Authorization
untouched. If a proxy wants to authenticate a client before a
is forwarded to the server, it can be done using the Proxy
Authenticate and Proxy-Authorization headers described in section 2.5
below

2.3 Security Protocol

It is useful for a server to be able to know which security schemes
client is capable of handling

If this proposal is accepted as a required part of the HTTP/1.1
specification, then a server may assume Digest support when a

Franks, et. al. Standards Track [Page 10]

RFC 2069 Ditigal Access Authentication January 1997

identifies itself as HTTP/1.1 compliant

It is possible that a server may want to require Digest as
authentication method, even if the server does not know that
client supports it. A client is encouraged to fail gracefully if
server specifies any authentication scheme it cannot handle

2.4

The following example assumes that an access-protected document
being requested from the server. The URI of the document
"http://www.nowhere.org/dir/index.html". Both client and server
that the username for this document is "Mufasa", and the password
"CircleOfLife".

The first time the client requests the document, no
header is sent, so the server responds with

HTTP/1.1 401
WWW-Authenticate: Digest realm="testrealm@host.com",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
opaque="5ccc069c403ebaf9f0171e9517f40e41"

The client may prompt the user for the username and password,
which it will respond with a new request, including the
Authorization header

Authorization: Digest username="Mufasa",
realm="testrealm@host.com",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="/dir/index.html",
response="e966c932a9242554e42c8ee200cec7f6",
opaque="5ccc069c403ebaf9f0171e9517f40e41"

2.5 Proxy-Authentication and Proxy-

The digest authentication scheme may also be used for
users to proxies, proxies to proxies, or proxies to end servers
use of the Proxy-Authenticate and Proxy-Authorization headers.
headers are instances of the general Proxy-Authenticate and Proxy
Authorization headers specified in sections 10.30 and 10.31 of
HTTP/1.1 specification [2] and their behavior is subject
restrictions described there. The transactions for
authentication are very similar to those already described.
receiving a request which requires authentication, the proxy/
must issue the "HTTP/1.1 401 Unauthorized" header followed by
"Proxy-Authenticate" header of the

Franks, et. al. Standards Track [Page 11]

RFC 2069 Ditigal Access Authentication January 1997

Proxy-Authentication = "Proxy-Authentication" ":" "Digest
digest-

where digest-challenge is as defined above in section 2.1.
client/proxy must then re-issue the request with a Proxy-
header of the

Proxy-Authorization = "Proxy-Authorization" ":"
digest-

where digest-response is as defined above in section 2.1.
authentication succeeds, the Server may optionally provide a Proxy
Authentication-info header of the

Proxy-Authentication-info = "Proxy-Authentication-info" ":"

where nextnonce has the same semantics as the nextnonce field in
Authentication-info header described above in section 2.1.

Note that in principle a client could be asked to authenticate
to both a proxy and an end-server. It might receive an "HTTP/1.1 401
Unauthorized" header followed by both a WWW-Authenticate and
Proxy-Authenticate header. However, it can never receive more
one Proxy-Authenticate header since such headers are only
immediate connections and must not be passed on by proxies. If
client receives both headers, it must respond with both
Authorization and Proxy-Authorization headers as described above
which will likely involve different combinations of username
password, nonce, etc

3. Security

Digest Authentication does not provide a strong
mechanism. That is not its intent. It is intended solely to
a much weaker and even more dangerous authentication mechanism:
Authentication. An important design constraint is that the
authentication scheme be free of patent and export restrictions

Most needs for secure HTTP transactions cannot be met by
Authentication. For those needs SSL or SHTTP are more
protocols. In particular digest authentication cannot be used
any transaction requiring encrypted content. Nevertheless
functions remain for which digest authentication is both useful
appropriate

Franks, et. al. Standards Track [Page 12]

RFC 2069 Ditigal Access Authentication January 1997

3.1 Comparison with Basic

Both Digest and Basic Authentication are very much on the weak end
the security strength spectrum. But a comparison between the
points out the utility, even necessity, of replacing Basic by Digest

The greatest threat to the type of transactions for which
protocols are used is network snooping. This kind of
might involve, for example, online access to a database whose use
restricted to paying subscribers. With Basic authentication
eavesdropper can obtain the password of the user. This not
permits him to access anything in the database, but, often worse
will permit access to anything else the user protects with the
password

By contrast, with Digest Authentication the eavesdropper only
access to the transaction in question and not to the user's password
The information gained by the eavesdropper would permit a
attack, but only with a request for the same document, and even
might be difficult

3.2 Replay

A replay attack against digest authentication would usually
pointless for a simple GET request since an eavesdropper
already have seen the only document he could obtain with a replay
This is because the URI of the requested document is digested in
client response and the server will only deliver that document.
contrast under Basic Authentication once the eavesdropper has
user's password, any document protected by that password is open
him. A GET request containing form data could only be "replayed
with the identical data. However, this could be problematic if
caused a CGI script to take some action on the server

Thus, for some purposes, it is necessary to protect against
attacks. A good digest implementation can do this in various ways
The server created "nonce" value is implementation dependent, but
it contains a digest of the client IP, a time-stamp, and a
server key (as recommended above) then a replay attack is not simple
An attacker must convince the server that the request is coming
a false IP address and must cause the server to deliver the
to an IP address different from the address to which it believes
is sending the document. An attack can only succeed in the
before the time-stamp expires. Digesting the client IP and time
stamp in the nonce permits an implementation which does not
state between transactions

Franks, et. al. Standards Track [Page 13]

RFC 2069 Ditigal Access Authentication January 1997

For applications where no possibility of replay attack can
tolerated the server can use one-time response digests which will
be honored for a second use. This requires the overhead of
server remembering which digests have been used until the
time-stamp (and hence the digest built with it) has expired, but
effectively protects against replay attacks. Instead of maintaining
list of the values of used digests, a server would hash these
and require re-authentication whenever a hash collision occurs

An implementation must give special attention to the possibility
replay attacks with POST and PUT requests. A successful
attack could result in counterfeit form data or a counterfeit
of a PUT file. The use of one-time digests or one-time nonces
recommended. It is also recommended that the optional
implemented for use with POST or PUT requests to assure the
of the posted data. Alternatively, a server may choose to
digest authentication only with GET requests. Responsible
implementors will document the risks described here as they
to a given implementation

3.3 Man in the

Both Basic and Digest authentication are vulnerable to "man in
middle" attacks, for example, from a hostile or compromised proxy
Clearly, this would present all the problems of eavesdropping.
it could also offer some additional threats

A simple but effective attack would be to replace the
challenge with a Basic challenge, to spoof the client into
their password. To protect against this attack, clients
remember if a site has used Digest authentication in the past,
warn the user if the site stops using it. It might also be a
idea for the browser to be configured to demand Digest
in general, or from specific sites

Or, a hostile proxy might spoof the client into making a request
attacker wanted rather than one the client wanted. Of course,
is still much harder than a comparable attack against
Authentication

There are several attacks on the "digest" field in
Authentication-info header. A simple but effective attack is just
remove the field, so that the client will not be able to use it
detect modifications to the response entity. Sensitive
may wish to allow configuration to require that the digest field
present when appropriate. More subtly, the attacker can alter any
the entity-headers not incorporated in the computation of the digest
The attacker can alter most of the request headers in the client'

Franks, et. al. Standards Track [Page 14]

RFC 2069 Ditigal Access Authentication January 1997

request, and can alter any response header in the origin-server'
reply, except those headers whose values are incorporated into
"digest" field

Alteration of Accept* or User-Agent request headers can only
in a denial of service attack that returns content in an
media type or language. Alteration of cache control headers also
only result in denial of service. Alteration of Host will
detected, if the full URL is in the response-digest. Alteration
Referer or From is not important, as these are only hints

3.4 Spoofing by Counterfeit

Basic Authentication is vulnerable to spoofing by
servers. If a user can be led to believe that she is connecting to
host containing information protected by a password she knows,
in fact she is connecting to a hostile server, then the
server can request a password, store it away for later use, and
an error. This type of attack is more difficult with
Authentication -- but the client must know to demand that
authentication be used, perhaps using some of the
described above to counter "man-in-the-middle" attacks

3.5 Storing

Digest authentication requires that the authenticating agent (
the server) store some data derived from the user's name and
in a "password file" associated with a given realm. Normally
might contain pairs consisting of username and H(A1), where H(A1)
the digested value of the username, realm, and password as
above

The security implications of this are that if this password file
compromised, then an attacker gains immediate access to documents
the server using this realm. Unlike, say a standard UNIX
file, this information need not be decrypted in order to
documents in the server realm associated with this file. On
other hand, decryption, or more likely a brute force attack, would
necessary to obtain the user's password. This is the reason that
realm is part of the digested data stored in the password file.
means that if one digest authentication password file is compromised
it does not automatically compromise others with the same
and password (though it does expose them to brute force attack).

There are two important security consequences of this. First
password file must be protected as if it contained
passwords, because for the purpose of accessing documents in
realm, it effectively does

Franks, et. al. Standards Track [Page 15]

RFC 2069 Ditigal Access Authentication January 1997

A second consequence of this is that the realm string should
unique among all realms which any single user is likely to use.
particular a realm string should include the name of the host
the authentication. The inability of the client to authenticate
server is a weakness of Digest Authentication

3.6

By modern cryptographic standards Digest Authentication is weak.
for a large range of purposes it is valuable as a replacement
Basic Authentication. It remedies many, but not all, weaknesses
Basic Authentication. Its strength may vary depending on
implementation. In particular the structure of the nonce (which
dependent on the server implementation) may affect the ease
mounting a replay attack. A range of server options is
since, for example, some implementations may be willing to accept
server overhead of one-time nonces or digests to eliminate
possibility of replay while others may satisfied with a nonce
the one recommended above restricted to a single IP address and
a limited lifetime

The bottom line is that *any* compliant implementation will
relatively weak by cryptographic standards, but *any*
implementation will be far superior to Basic Authentication

4.

In addition to the authors, valuable discussion instrumental
creating this document has come from Peter J. Churchyard, Ned Freed
and David M. Kristol

5.

[1] Berners-Lee, T., Fielding, R., and H. Frystyk
"Hypertext Transfer Protocol -- HTTP/1.0",
RFC 1945, May 1996.

[2] Berners-Lee, T., Fielding, R., and H. Frystyk
"Hypertext Transfer Protocol -- HTTP/1.1"
RFC 2068, January 1997.

[3] Rivest, R., "The MD5 Message-Digest Algorithm",
RFC 1321, April 1992.

Franks, et. al. Standards Track [Page 16]

RFC 2069 Ditigal Access Authentication January 1997

6. Authors'

John
Professor of
Department of
Northwestern
Evanston, IL 60208-2730,

EMail: john@math.nwu.

Phillip M. Hallam-
European Union

EMail: hallam@w3.

Jeffery L.
Senior Software
Spyglass, Inc
3200 Farber
Champaign, IL 61821,

EMail: jeff@spyglass.

Paul J.
Microsoft
1 Microsoft
Redmond, WA 98052,

EMail: paulle@microsoft.

Ari
Member of Technical
Netscape Communications
501 East Middlefield
Mountain View, CA 94043,

EMail: luotonen@netscape.

Franks, et. al. Standards Track [Page 17]

RFC 2069 Ditigal Access Authentication January 1997

Eric W.
Senior Software
Spyglass, Inc
3200 Farber
Champaign, IL 61821,

EMail: eric@spyglass.

Lawrence C.
Open Market, Inc
215 First
Cambridge, MA 02142,

EMail: stewart@OpenMarket.

Franks, et. al. Standards Track [Page 18]

if you see any problems within the linking, don't worry be happy,
this is version 0.1 of the Relevance System and you gotta expect some crappy subroutines sometimes,
just be content we did not write this in Java, which would have made this "bigger and better" HAHAHHA.

RFC documents can be found at I.E.T.F.

Relevance System Copyright © 2002 Spectrum WorldResearch
other technical nosh by ServerMasters Corporation
collaboration of BobX