• Post Reply Bookmark Topic Watch Topic
  • New Topic

DIGEST

 
pallavi utukuri
Ranch Hand
Posts: 182
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Given, HTTP digest authentication performed by transmitting the password in an encrypted form.
This statement must b true
When DIGEST is used,All data between the client and the server is encrypted.

but its given false in j2ee mock!
 
Nicholas Cheung
Ranch Hand
Posts: 4982
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It depends on how you interpret the word *encrypted*.

For me, I wont regard *digest* as an encryption, because it does NOT involve any PKI operations. Thus, it is just masked, not encrypted!

In SCWCD Exam Study Kit page 139, it said:

The HTTP Disgest authentication is the same as Basic except that teh password is sent in an encrypted format.


However, there is a footnote:

Actually, instead of the password, an MD5 digest of the password is sent. Please refer to RFC 1321 for more info.


Thus, it really depends on how you treat a MD5 string.

Nick
 
Happiness is not a goal ... it's a by-product of a life well lived - Eleanor Roosevelt. Tiny ad:
the new thread boost feature: great for the advertiser and smooth for the coderanch user
https://coderanch.com/t/674455/Thread-Boost-feature
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!