curl / Mailing Lists / curl-library / Single Mail

Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

use 'first hash' instead of password to do digest auth

From: Erik Janssen via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 21 May 2019 16:13:18 +0000

Hi,

Maybe this is not a curl question, and it is my lack of knowledge about storage of credentials getting in the way.

Reading https://en.wikipedia.org/wiki/Digest_access_authentication made me realise that if I could store the username + password after first successful connection as "HA1", (thus: MD5(username:realm:password)), and reuse that value later on when the program runs again, then I can have reasonably secure storage of passwords in my application.

But libcurl would need to allow me obtaining that value, and passing HA1 later on instead of normal username+ password credentials, and of course authentication would have to be digest-only.

Does this make sense? Or is there a better/more common way for secure password storage I have overlooked.
Your feedback appreciated.

Thanks,

Erik

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-05-21

This message: [ Message body ]
Next message: Scott Ellentuch via curl-library: "Edit cookies easily?"
Previous message: Connor Ruggles via curl-library: "RE: Compiling libcurl with HTTP/2 support in OpenWrt"
Next in thread: Nicolas Roeser via curl-library: "Re: use 'first hash' instead of password to do digest auth"
Reply: Nicolas Roeser via curl-library: "Re: use 'first hash' instead of password to do digest auth"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]