Revision as of 11:45, 29 January 2024 edit AnomieBOT (talk \| contribs) Bots 6,859,638 edits m Dating maintenance tags: {{Cn}} ← Previous edit		Revision as of 05:09, 1 February 2024 edit undo InternetArchiveBot (talk \| contribs) Bots, Pending changes reviewers 5,688,736 edits Rescuing 1 sources and tagging 0 as dead.) #IABot (v2.0.9.5 Next edit →
Line 86: * The password is not sent clear to the server. * The password is not used directly in the digest, but rather HA1 = MD5(username:realm:password). This allows some implementations (e.g. [[JBoss]]<ref>{{cite web \|url \| ~~url~~ = https://community.jboss.org/wiki/DIGESTAuth \|title \| ~~title~~ = DIGEST Authentication (4.0.4+) \|author \| ~~author~~ = Scott Stark \|date \| ~~date~~ = 2005-10-08 \|publisher \| ~~publisher~~ = [[JBoss]] \|access-date = 2013-03-04 \|archive-date = 2015-10-18 \|archive-url = https://web.archive.org/web/20151018155102/https://community.jboss.org/wiki/DIGESTAuth \|url-status = dead }}</ref>) to store HA1 rather than the cleartext password (however, see disadvantages of this approach) * Client nonce was introduced in RFC 2617, which allows the client to prevent [[chosen-plaintext attack]]s, such as [[rainbow table]]s that could otherwise threaten digest authentication schemes

Digest access authentication: Difference between revisions