
DIGEST

 
pallavi utukuri
Ranch Hand
Posts: 182
Given: HTTP digest authentication is performed by transmitting the password in an encrypted form.
This statement must be true:
When DIGEST is used, all data between the client and the server is encrypted.

but it's given false in j2ee mock!
 
Nicholas Cheung
Ranch Hand
Posts: 4982
It depends on how you interpret the word *encrypted*.

For me, I won't regard *digest* as an encryption, because it does NOT involve any PKI operations. Thus, it is just masked, not encrypted!

In SCWCD Exam Study Kit page 139, it said:

The HTTP Digest authentication is the same as Basic except that the password is sent in an encrypted format.


However, there is a footnote:

Actually, instead of the password, an MD5 digest of the password is sent. Please refer to RFC 1321 for more info.


Thus, it really depends on how you treat an MD5 string.

Nick
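
An added example, not part of either post: the Digest `response` value computed the way RFC 2617 (qop=auth) defines it, then placed in a request to show what actually travels on the wire. The credentials and nonce values are the sample ones from RFC 2617 section 3.5; the POST path and body are constructed for illustration.

```python
import hashlib

def md5_hex(text):
    """MD5 (RFC 1321) of a string, as lowercase hex."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response: a one-way hash, not reversible encryption."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")   # secret part
    ha2 = md5_hex(f"{method}:{uri}")                  # request part
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def build_request(username, realm, password, method, uri,
                  nonce, nc, cnonce, body=""):
    """Return the raw HTTP request text a client would send."""
    resp = digest_response(username, realm, password, method, uri,
                           nonce, nc, cnonce)
    auth = (f'Digest username="{username}", realm="{realm}", '
            f'nonce="{nonce}", uri="{uri}", qop=auth, nc={nc}, '
            f'cnonce="{cnonce}", response="{resp}"')
    return (f"{method} {uri} HTTP/1.1\r\n"
            f"Authorization: {auth}\r\n\r\n{body}")

# Sample values from the RFC 2617 example exchange.
RFC_SAMPLE = dict(username="Mufasa", realm="testrealm@host.com",
                  password="Circle Of Life",
                  nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                  nc="00000001", cnonce="0a4f113b")

def wire_view():
    """Constructed POST: the body goes out exactly as written."""
    return build_request(method="POST", uri="/transfer",
                         body="account=12345&amount=100", **RFC_SAMPLE)

if __name__ == "__main__":
    print(digest_response(method="GET", uri="/dir/index.html",
                          **RFC_SAMPLE))
    print(wire_view())
```

The password never appears in the request, but the username, URI and body are sent as plain text, so confidentiality of the data still needs a transport such as HTTPS.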
 