It depends on how you interpret the
word *encrypted*.
For me, I wont regard *digest* as an encryption, because it does NOT involve any PKI operations. Thus, it is just masked, not encrypted!
In SCWCD Exam Study Kit page 139, it said:
The HTTP Disgest authentication is the same as Basic except that teh password is sent in an encrypted format.
However, there is a footnote:
Actually, instead of the password, an MD5 digest of the password is sent. Please refer to RFC 1321 for more info.
Thus, it really depends on how you treat a MD5
string.
Nick
SCJP 1.2, OCP 9i DBA, SCWCD 1.3, SCJP 1.4 (SAI), SCJD 1.4, SCWCD 1.4 (Beta), ICED (IBM 287, IBM 484, IBM 486), SCMAD 1.0 (Beta), SCBCD 1.3, ICSD (IBM 288), ICDBA (IBM 700, IBM 701), SCDJWS, ICSD (IBM 348), OCP 10g DBA (Beta), SCJP 5.0 (Beta), SCJA 1.0 (Beta), MCP(70-270), SCBCD 5.0 (Beta), SCJP 6.0, SCEA for JEE5 (in progress)