Re: still more Digest Authentication comments

Phillip M. Hallam-Baker (hallam@dxal18.cern.ch)
Thu, 23 Mar 1995 19:04:56 +0900

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeffrey Perry: "How are/should redirects of POSTS be handled"
Previous message: David Robinson: "Suggestion: HTTP Timezone header"
In reply to: Dave Kristol: "Re: still more Digest Authentication comments"

>FWIW, I've implemented John Franks's scheme in my server using base16.
>I think that biased my thinking.  Phillip is right that MD5 is 128 bits,
>and nothing need be said about encodings, except for transport. 

Ah well thats OK then. so long as everyone realises I'm right we can 
put whatever people like in the spec so long as it is clear. In my original
equations I think I simply assumed that the base-16 encoding was orthogonal to 
the hash function, the last thing to be done.

That said we should rewrite the spec using the functions D for digest and H for 
hex (uppercase). And make it explicit that we use H(D( x )) each time H appears 
presently.

My implementation will then be slightly non standard in using the uppercase for 
generation etc but accepting a digest passed using lowercase hex characters :-)


>2) If 16 binary bytes should be used for each of H(A1) and H(A2) in
><digest>, or for H(A1) in <message-digest>, why bother with the ':'s?

I have never understood that one. My original scheme didn't use them.

Same with the usernames. I could never understand the argument on :
vs @ since the only reason its there is to stop the fields running together
in a possibly ambiguous fashion.



		Phill.

Next message: Jeffrey Perry: "How are/should redirects of POSTS be handled"
Previous message: David Robinson: "Suggestion: HTTP Timezone header"
In reply to: Dave Kristol: "Re: still more Digest Authentication comments"