re: HMAC Authentication: Better protection for your API


Just a small correction. Basic authentication doesn't use the term 'digest', as it would be confused with the Digest in Digest authentication.

base64(username:password) is not a 'digest', just encoded credentials. Nor is the encoded value a 'hash'. A hash is a one-way cryptographic operation, whereas base64 can be decoded back.
A digest is a collection of several additional properties like nonce, cnonce, URI, etc.

Further on: adding just a timestamp doesn't help security much, as the attacker has this info as well (to some extent; it decreases the number of tries he would need to generate a correct hash).
