Message Digest Authentication
Purpose:
- Recently proposed as a simple replacement for Basic Authentication
- Passwords NOT sent in cleartext
Main Idea:
- Uses Message Digest Functions
- MD5 is in public domain and NOT export-controlled (U.S.)
- Timestamps guard against replay attacks
- Server password files must not be world-readable
- The actual proposal is more complicated
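A simplified sketch of the idea in the list above, added here as an illustration and not taken from the Internet Draft (which, as noted, is more complicated). The digest layout follows the later HTTP Digest scheme; the realm, server secret, HMAC-tagged timestamp nonce, 300-second window and all function names are assumptions.

```python
import hashlib
import hmac

REALM = "example-realm"                  # constructed value
SERVER_SECRET = b"constructed-secret"    # constructed value, known only to the server
MAX_AGE = 300                            # assumed freshness window, in seconds

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def ha1(user, password):
    # What the server keeps in its password file instead of the cleartext password.
    return md5_hex(f"{user}:{REALM}:{password}")

def make_nonce(now):
    # Challenge = timestamp plus a keyed tag, so a client cannot alter the timestamp.
    ts = str(int(now))
    tag = hmac.new(SERVER_SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}:{tag}"

def response_from_ha1(stored_ha1, nonce, method, uri):
    # Only the stored digest is needed here, never the password itself. That is
    # why the password file must not be world-readable: its entries are
    # sufficient to answer any challenge.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{stored_ha1}:{nonce}:{ha2}")

def client_response(user, password, nonce, method, uri):
    # The client sends this digest; the password never crosses the wire.
    return response_from_ha1(ha1(user, password), nonce, method, uri)

def server_verify(stored_ha1, nonce, method, uri, response, now):
    ts, _, tag = nonce.partition(":")
    good_tag = hmac.new(SERVER_SECRET, ts.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, good_tag):
        return "bad-nonce"               # nonce was not issued by this server
    if now - int(ts) > MAX_AGE:
        return "stale"                   # captured response replayed too late
    expected = response_from_ha1(stored_ha1, nonce, method, uri)
    return "ok" if hmac.compare_digest(response, expected) else "bad-response"
```

Within the freshness window a captured response is still accepted for the same method and URI, so the timestamp narrows replay rather than eliminating it.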
For more information: Message Digest Authentication Internet Draft