This content originally appeared on DEV Community and was authored by Ryoichi Homma
This article is an extended version of my last article, Understanding Basic Authentication. It explores Digest Authentication: how it works, how to implement it, and how it differs from Basic Authentication.
Digest Authentication
Digest Authentication is a more secure alternative to Basic Authentication. Instead of sending the credentials in plaintext (Base64), it uses MD5 hashing along with a challenge-response mechanism. This prevents passwords from being directly intercepted, making it more secure than Basic Authentication.
Implementation
Follow these steps to implement Digest Authentication on the Apache server:
- Install Apache using the yum command:
sudo yum install httpd -y
- Create a protected directory:
sudo mkdir -p /var/www/html/digest
/digest can be anything.
- Create the Digest password file:
sudo htdigest -c /etc/httpd/conf.d/.digestpass "Digest Auth" username
- Enter and confirm the password.
- The realm passed to htdigest must match the AuthName value in the Apache configuration ("Digest Auth" in this case).
- Verify the Digest password file:
cat /etc/httpd/conf.d/.digestpass
- Edit the Apache configuration file:
sudo vi /etc/httpd/conf/httpd.conf
Add the following inside the <Directory "/var/www/html"> section:
<Directory "/var/www/html/digest">
AuthType Digest
AuthName "Digest Auth"
AuthUserFile /etc/httpd/conf.d/.digestpass
Require valid-user
</Directory>
- Create an index.html file in the protected directory:
sudo vi /var/www/html/digest/index.html
Add what you want to display when the user is authorized:
You're successfully authorized
- Press i to start typing, turning on the INSERT MODE.
- Press esc, type :wq, and press Enter to save the file and exit the INSERT MODE.
- Restart the Apache server:
sudo systemctl restart httpd
- Test the authentication using the curl command:
curl -L --digest -u username:password http://xx.xx.xx.xx/digest
If you see You're successfully authorized, authentication is working correctly.
Key Differences Between Basic and Digest Authentication
- Security: Digest Authentication is more secure than Basic Authentication.
- Password Transmission: Basic Authentication sends the password as Base64 (plaintext), while Digest Authentication sends it as a hashed value.
- Replay Attack Risk: Lower with Digest Authentication because of its nonce mechanism.
- Browser Support: Basic Authentication is widely supported, while Digest Authentication is less common.
- Others: Digest Authentication is a more secure alternative to Basic Authentication, because Basic Authentication relies only on HTTPS for protection.
Conclusion
Both Basic and Digest Authentication provide ways to restrict access to web resources. Basic Authentication is easy to implement but should always be used with HTTPS to prevent credential exposure. Digest Authentication offers better security through hashing and challenge-response mechanisms, making it a more secure choice for sensitive data.
If you're working with an Apache web server, implementing these authentication methods is straightforward and enhances security for restricted resources.

Ryoichi Homma | Sciencx (2025-02-19T22:28:25+00:00) Understanding Digest Authentication. Retrieved from https://www.scien.cx/2025/02/19/understanding-digest-authentication/