 - Digest authentication is a method of authentication in which a request from a potential user is received by a network server and then sent to a domain controller. The domain controller sends a special key, called a digest session key, to the server that received the original request. The user must then produce a response, which is encrypted and transmitted to the server. If the user's response is of the correct form, the server grants the user access to the network, Web site or requested resources for a single session.
In its simplest form, digest authentication is an enhanced method of single-factor authentication (SFA). The drawback of SFA is the fact that the single factor (the password or user response) is relatively easy for an experienced hacker to discover and exploit. Superior security can be obtained by the use of a two-factor authentication scheme, in which a physical token such as smart card is employed in addition to the password or keyboard-generated response to verify the identity of a potential user. Even better security may be provided by digest authentication in conjunction with multifactor authentication, in which three or more independent parameters are used. Such parameters may include biometric verification, fingerscanning or a voiceprint.
| LAST UPDATED: |
01 May 2007
|
 |
Read more about digest authentication:
|
|
Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com
|
 |
 |
| |
RELATED GLOSSARY TERMS
| Terms from Whatis.com − the technology online dictionary |
 |
IGP
(SearchSecurity.com)
|
|
IP spoofing
(SearchSecurity.com)
IP spoofing, also known as IP address forgery, is a hijacking technique in which the attacker masquerades as a trusted host to conceal his identity,...
|
|
|
