Digest access authentication is specified by RFC 2617. It sits somewhere between SSL and basic authentication: lightweight and easy to set up, while still resistant to replay attacks.
It works as follows. When the client first requests a protected resource, the server responds with a challenge carrying the realm and a nonce. The client then sends a second request with the response value used for authentication, which is computed from the password, the nonce, etc., as follows. Here nc is short for nonce count and cnonce is the client-side nonce, both of which are optional.
An attacker eavesdropping on the traffic cannot learn the password, nor replay the captured request to the server, since the nonce value is different each time.
The problem with lighttpd's mod_auth is that it doesn't verify that the nonce in the client's second request is the one it generated earlier, which means that an attacker could use any nonce to bypass the digest authentication. Thus, digest authentication is basically equivalent to basic authentication in this case.
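As an added example (not lighttpd's code), here is the RFC 2617 response computation for qop=auth on the client side, plus a small server-side verifier in Python. The check_nonce flag switches between accepting any nonce, as mod_auth did, and checking that the nonce was issued by this server and that nc increases. The realm, user, password, URI and nonce values are constructed for the demo.

```python
import hashlib
import secrets

def _h(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()
def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 with qop=auth: response = H(HA1:nonce:nc:cnonce:qop:HA2), H = MD5."""
    ha1 = _h(f"{user}:{realm}:{password}")
    ha2 = _h(f"{method}:{uri}")
    return _h(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

class DigestVerifier:
    """Server side. check_nonce=False models the mod_auth behaviour described above
    (any nonce accepted); check_nonce=True adds the missing check."""
    def __init__(self, realm, users, check_nonce=True):
        self.realm, self.users, self.check_nonce = realm, users, check_nonce
        self.issued = {}  # nonce this server generated -> highest nc accepted so far
    def issue_nonce(self):
        nonce = secrets.token_hex(16)  # goes to the client in the challenge
        self.issued[nonce] = 0
        return nonce
    def verify(self, p, method):
        user, nonce, nc = p["username"], p["nonce"], int(p["nc"], 16)
        if user not in self.users:
            return False
        # The missing check: nonce must be one we issued and nc must increase (else it is a replay).
        if self.check_nonce and (nonce not in self.issued or nc <= self.issued[nonce]):
            return False
        expected = digest_response(user, self.realm, self.users[user], method,
                                   p["uri"], nonce, p["nc"], p["cnonce"], p["qop"])
        ok = secrets.compare_digest(expected, p["response"])
        if ok and self.check_nonce:
            self.issued[nonce] = nc
        return ok

def build_request(user, password, realm, nonce, nc="00000001", cnonce="0a4f113b"):
    """Client side: Authorization parameters for GET /secret (constructed sample)."""
    p = {"username": user, "uri": "/secret", "nonce": nonce, "nc": nc, "cnonce": cnonce, "qop": "auth"}
    p["response"] = digest_response(user, realm, password, "GET", p["uri"], nonce, nc, cnonce)
    return p
USERS = {"alice": "s3cret"}  # constructed sample credential

def demo(check_nonce):
    """(fresh request ok, verbatim replay ok, request using a nonce the server never issued ok)"""
    srv = DigestVerifier("example", USERS, check_nonce)
    req = build_request("alice", "s3cret", "example", srv.issue_nonce())
    first, replay = srv.verify(req, "GET"), srv.verify(req, "GET")
    unissued = srv.verify(build_request("alice", "s3cret", "example", "0000deadbeef"), "GET")
    return first, replay, unissued  # (True, True, True) without the check, (True, False, False) with it
```

A production verifier would also expire issued nonces after a time window so the issued table cannot grow without bound.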
The lighttpd developers pointed me to their wiki.
The implementation of the digest method is currently not completely compliant with the standard as it still allows a replay attack. (i.e. not secure)
Seriously, do you really have to teach people how to configure digest authentication but hide the sentence in a bunch of small bullets? ;-)