On Thursday, 8 January 2009, Andrew Wood wrote:
> Where does the nonce value fit into digest authentication? I thought
> it was just echoed back in the new invite as an extra security check,
> but apparently it's somehow used when MD5ing the password?
>
> How is the plaintext password & the nonce combined to give the hashed
> password sent back to the server?

### --- Algorithm for creating the Digest response field ---

## HA1
HA1 = MD5(A1) = MD5(username:realm:password)

## HA2
# If 'qop' == "auth" or not present:
HA2 = MD5(A2) = MD5(method:digestURI)
# If 'qop' == "auth-int":
HA2 = MD5(A2) = MD5(method:digestURI:H(entity-body))

## response
# If 'qop':
response = MD5(HA1:nonce:nonceCount:clientNonce:qop:HA2)
# If no 'qop' present:
response = MD5(HA1:nonce:HA2)

All is detailed in RFC 2617.

-- 
Iñaki Baz Castillo
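
The formulas in the reply above, as an added Python example that is not part of the original post. It computes the response for all three qop cases and shows the server-side check; the function names are chosen here for illustration, and the sample values are the ones from the example in RFC 2617 section 3.5.

```python
import hashlib
import hmac


def md5_hex(data: bytes) -> str:
    """H(): lowercase hex MD5 digest."""
    return hashlib.md5(data).hexdigest()


def digest_response(username, realm, password, method, digest_uri, nonce,
                    qop=None, nonce_count=None, client_nonce=None,
                    entity_body=b""):
    """Digest 'response' value, following the formulas quoted above."""
    ha1 = md5_hex(f"{username}:{realm}:{password}".encode())
    if qop == "auth-int":
        # HA2 additionally covers the hash of the message body
        a2 = f"{method}:{digest_uri}:{md5_hex(entity_body)}"
    elif qop in (None, "auth"):
        a2 = f"{method}:{digest_uri}"
    else:
        raise ValueError(f"unsupported qop: {qop!r}")
    ha2 = md5_hex(a2.encode())
    if qop is None:
        # No qop: the server nonce is hashed in between HA1 and HA2
        return md5_hex(f"{ha1}:{nonce}:{ha2}".encode())
    if not (nonce_count and client_nonce):
        raise ValueError("qop requires nonce_count and client_nonce")
    return md5_hex(
        f"{ha1}:{nonce}:{nonce_count}:{client_nonce}:{qop}:{ha2}".encode())


def verify_response(received: str, **params) -> bool:
    """Server side: recompute for the nonce it issued, compare in constant time."""
    expected = digest_response(**params)
    return hmac.compare_digest(expected.encode(), received.lower().encode())


# Sample values from the example in RFC 2617 section 3.5
RFC2617_SAMPLE = dict(
    username="Mufasa", realm="testrealm@host.com", password="Circle Of Life",
    method="GET", digest_uri="/dir/index.html",
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
    qop="auth", nonce_count="00000001", client_nonce="0a4f113b",
)

if __name__ == "__main__":
    print(digest_response(**RFC2617_SAMPLE))
```

Because the nonce is an input to the final hash, a response captured for one challenge does not verify against a different nonce, provided the server only accepts nonces it issued and has not yet retired.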
