Digest access authentication: Difference between revisions

In September 2015, RFC 7616 replaced RFC 2617 by adding 4 new [[Algorithm|algorithms]]: "SHA-256", "SHA-256-sess", "SHA-512-256" and "SHA-512-256-sess". The encoding is equivalent to "MD5" and "MD5-sess" algorithms, with [[MD5|MD5 hashing function]] replaced with [[SHA-256]] and [[SHA-256|SHA-512-256]]. However, {{as of|2021|7|lc=y}}, none of popular browsers, including Firefox<ref>{{cite web |title=Bug 472823: SHA 256 Digest Authentication |url=https://bugzilla.mozilla.org/show_bug.cgi?id=472823 |website=Mozilla Bugzilla}}</ref> and Chrome,<ref>{{cite web |title= Issue 1160478: SHA-256 for HTTP Digest Access Authentication in accordance with rfc7616 |url=https://bugs.chromium.org/p/chromium/issues/detail?id=1160478 |website=Chromium bugs}}</ref> support SHA-256 as the hash function. {{As of|2021|10}}, Firefox 93<ref>{{cite web |title=Bug 472823: SHA 256 Digest Authentication |url=https://bugzilla.mozilla.org/show_bug.cgi?id=472823 |website=Mozilla Bugzilla}}</ref> officially supports "SHA-256" and "SHA-256-sess" algorithms for digest authentication. However, support for "SHA-512-256", "SHA-512-256-sess" algorithms and username hashing<ref>{{cite news |title=IETF.org: RFC 7616 Username Hashing |url=https://datatracker.ietf.org/doc/html/rfc7616#section-3.4.4 |newspaper=Ietf Datatracker|date=30 September 2015 }}</ref> is still lacking.<ref>{{cite web |title=Mozilla-central: support SHA-256 HTTP Digest auth |url=https://hg.mozilla.org/mozilla-central/rev/7a4994734e00 |website=Mozilla-central}}</ref> {{As of|2023|8}}, Chromium 117 (then Chrome and Edge) supports "SHA-256".<ref>{{cite web |title=Chrome Feature: RFC 7616 Digest auth: Support SHA-256 and username hashing|url=https://chromestatus.com/feature/5139896267702272?context=myfeatures}}</ref>