Revision as of 12:47, 19 January 2024 edit Tideflat (talk \| contribs) Extended confirmed users 1,268 edits →Browser implementation: note that opera no longer uses the presto layout engine. ← Previous edit		Revision as of 11:25, 29 January 2024 edit undo SSSB (talk \| contribs) Extended confirmed users, Pending changes reviewers 59,807 edits use {{as of}} and request citation (I tried but couldn't find a list of browsers that support this) Next edit →
Line 57: The above shows that when qop is not specified, the simpler RFC 2069 standard is followed. In September 2015, RFC 7616 replaced RFC 2617 by adding 4 new algorithms: "SHA-256", "SHA-256-sess", "SHA-512-256" and "SHA-512-256-sess". The encoding is equivalent to "MD5" and "MD5-sess" algorithms, with [[MD5\|MD5 hashing function]] replaced with [[SHA-256]] and [[SHA-256\|SHA-512-256]]. However, {{as of ~~July~~ \|2021\|7\|lc=y}}, none of popular browsers, including Firefox<ref>{{cite web \|title=Bug 472823: SHA 256 Digest Authentication \|url=https://bugzilla.mozilla.org/show_bug.cgi?id=472823 \|website=Mozilla Bugzilla}}</ref> and Chrome,<ref>{{cite web \|title= Issue 1160478: SHA-256 for HTTP Digest Access Authentication in accordance with rfc7616 \|url=https://bugs.chromium.org/p/chromium/issues/detail?id=1160478 \|website=Chromium bugs}}</ref> support SHA-256 as the hash function. {{As of ~~October~~ \|2021\|10}}, Firefox 93<ref>{{cite web \|title=Bug 472823: SHA 256 Digest Authentication \|url=https://bugzilla.mozilla.org/show_bug.cgi?id=472823 \|website=Mozilla Bugzilla}}</ref> officially supports "SHA-256" and "SHA-256-sess" algorithms for digest authentication. However, support for "SHA-512-256", "SHA-512-256-sess" algorithms and username hashing<ref>{{cite news \|title=IETF.org: RFC 7616 Username Hashing \|url=https://datatracker.ietf.org/doc/html/rfc7616#section-3.4.4 \|newspaper=Ietf Datatracker\|date=30 September 2015 }}</ref> is still lacking.<ref>{{cite web \|title=Mozilla-central: support SHA-256 HTTP Digest auth \|url=https://hg.mozilla.org/mozilla-central/rev/7a4994734e00 \|website=Mozilla-central}}</ref> {{As of ~~August~~ \|2023\|8}}, Chromium 117 (then Chrome and Edge) supports "SHA-256".<ref>{{cite web \|title=Chrome Feature: RFC 7616 Digest auth: Support SHA-256 and username hashing\|url=https://chromestatus.com/feature/5139896267702272?context=myfeatures}}</ref> == Impact of MD5 security on digest authentication == Line 148: == Example with explanation == The following example was originally given in RFC 2617 and is expanded here to show the full text expected for each [[HTTP request\|request]] and [[HTTP response\|response]]. Note that only the "auth" (authentication) quality of protection code is covered – {{as of\|2005\|04\|lc=y}},<!-- https://en.wikipedia.org/w/index.php?title=Digest_access_authentication&diff=prev&oldid=12216793 --> only the [[Opera (web browser)\|Opera]] and [[Konqueror]] web browsers are known to support "auth-int" (authentication with integrity protection).{{cn}} Although the specification mentions HTTP version 1.1, the scheme can be successfully added to a version 1.0 server, as shown here. This typical transaction consists of the following steps:

Digest access authentication: Difference between revisions