Re: [apache-ssl] strength of Authorization: Basic aG9uemE6dHJvdtagWcO==

To: apache-ssl@lists.aldigital.co.uk
Subject: Re: [apache-ssl] strength of Authorization: Basic aG9uemE6dHJvdtagWcO==
From: Stefano Ravaioli <Stefano.Ravaioli@cineca.it>
Date: Tue, 12 May 1998 10:31:03 +0200
Delivered-To: mailing list apache-ssl@lists.aldigital.co.uk
Mailing-List: contact apache-ssl-help@lists.aldigital.co.uk; run by ezmlm
Organization: http://www.apache-ssl.org
Organization: CINECA
References: <Pine.LNX.3.96.980511175202.5258o-100000@ann.ied.com>
Reply-To: apache-ssl@lists.aldigital.co.uk
Sender: Stefano.Ravaioli@cineca.it

Jan Vicherek wrote:

> 
>      what is the strength of encryption of Basic Authorization ? What
> cipher does it use to encrypt it ? I presume that it combines the
> realm,username and password info, right ?
> 

Null, the string is the base64 encoding of userid:password, it's
cleartext.

From draft-ietf-http-authentication-01.txt:

[...]
To receive authorization, the client sends the userid and password,
separated by a single colon (":") character, within a base64 [7]encoded
string in the credentials.

       basic-credentials = "Basic" SP base64-user-pass
       base64-user-pass  = <base64 [4] encoding of user-pass,
                        except not limited to 76 char/line>
       user-pass   = userid ":" password
       userid      = *<TEXT excluding ":">
       password    = *TEXT
[...]

Stefano Ravaioli

References:
- strength of Authorization: Basic aG9uemE6dHJvdtagWcO==
  - From: Jan Vicherek <honza@ied.com>

Prev by Date: Re: [apache-ssl] gcache failure
Next by Date: Re: [apache-ssl] Authentication problems
Prev by thread: strength of Authorization: Basic aG9uemE6dHJvdtagWcO==
Next by thread: Re: [apache-ssl] Authentication problems
Index(es):
- Date
- Thread