M
Matt Baker
Guest
Digest isn't safer. Digest requires that the server know the actual cleartext password. Both the client and server compute a hash from the password and the nonce from the HTTP header sent from the client. Digest isn't supported by OEM because OEM doesn't know the user's password. Passwords stored by OEM are kept as hashes which cannot be reversed back to passwords. Digest cannot be supported. And you won't see it very often in many places because saving passwords as cleartext on the server is just a plain bad idea.
Continue reading...
Continue reading...