15 Jan
2003
15 Jan
'03
1:58 p.m.
Hello, comments inline.
On 03-01 10:17, Karsten Knüttel wrote:
Hi there,
In a REGISTER case there is a HeaderField AUTHORIZATION. The usual
encryption algorithm is "MD5".
MD5 is used for hash computation, not for encryption.
Is it possible to REGISTER without any encryption?
There is no encryption used, the Authorization header field is used
for authorization only, not for encryption.
Please give a statement if I understood everything
right or correct me:
Digest Username => not encrypted;
realm =>not encrypted;
URI =>not encrypted;
Nonce => encrypted => is Password?
Response => encrypted => what´s that?
Nonce is a string generated by the server, client uses the string to compute
response.
Response is a string computed by the client, among other things, it is a
hash of username, password and so on. The server then recalculates the
response and if it is same, the user is authenticated.
regards, Jan.