CRAM (challenge-response authentication mechanism)

CRAM (challenge-response authentication mechanism) is the two-level scheme for authenticating network users that is used as part of the Web's Hypertext Transfer Protocol (HTTP).

CRAM (challenge-response authentication mechanism) is the two-level scheme for authenticating network users that is used as part of the Web's Hypertext Transfer Protocol (HTTP). The two levels are basic authentication and digest authentication.

Using the CRAM, the server (or, alternatively, a proxy server or gateway) issues a challenge to a user in the form of a "401 unauthorized" request for a password. The password is a string of characters known only to the user and the server. When the server receives the user response, it checks to be sure the password is correct. If so, the user is authenticated. If not, or if for any other reason the network does not want to accept the password, a "403 forbidden" message is issued, and access to the site is denied. The CRAM can be used in addition to other security features, such as strong encryption.

The basic form of CRAM can be abused because passwords are comparatively easy to steal. In digest authentication, the more sophisticated of the two forms of CRAM, the password does not appear as plain text sent over the network. This enhances security but does not provide entirely hack-proof protection. Even digest CRAM can be defeated under certain circumstances, giving an unauthorized hacker superuser status. This makes it possible for the hacker to launch a denial-of-service attack, making it difficult or impossible for authorized users to obtain authentication.

This was first published in September 2005

Continue Reading About CRAM (challenge-response authentication mechanism)

Glossary

'CRAM (challenge-response authentication mechanism)' is part of the:

View All Definitions

Dig deeper on Two-Factor and Multifactor Authentication Strategies

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

File Extensions and File Formats

Powered by:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close