What is the difference between Digest and Basic Authentication?

http authentication https basic-authentication digest-authentication
Dot Freelancer picture Dot Freelancer · Mar 2, 2012 · Viewed 99.7k times · Source

What is the difference between Digest and Basic Authentication ?

Answer

Andy picture Andy · Mar 2, 2012

Digest Authentication communicates credentials in an encrypted form by applying a hash function to: the username, the password, a server supplied nonce value, the HTTP method and the requested URI.

Whereas Basic Authentication uses non-encrypted base64 encoding.

Therefore, Basic Authentication should generally only be used where transport layer security is provided such as https.

See RFC-2617 for all the gory details.

Related questions

The definitive guide to form-based website authentication

Form-based authentication for websites We believe that Stack Overflow should not just be a resource for very specific technical questions, but also for general guidelines on how to solve variations on common problems. "Form based authentication for websites" should be …

Read More
How to log out user from web site using BASIC authentication?

Is it possible to log out user from a web site if he is using basic authentication? Killing session is not enough, since, once user is authenticated, each request contains login info, so user is automatically logged in next time …

Read More
How to use Python to login to a webpage and retrieve cookies for later usage?

I want to download and parse webpage using python, but to access it I need a couple of cookies set. Therefore I need to login over https to the webpage first. The login moment involves sending two POST params (username, …

Read More