How is the Digest response computed?

With qop=auth the response is H(HA1:nonce:nc:cnonce:qop:HA2), where HA1 = H(username:realm:password) and HA2 = H(method:digestURI). H is the hash named by the algorithm parameter (MD5 by default, or SHA-256). Without qop the simpler legacy form H(HA1:nonce:HA2) is used.

What is the nonce and why does it change?

The nonce is a server-generated opaque value sent in the WWW-Authenticate challenge. It is mixed into the response hash so a captured response cannot be replayed indefinitely. Servers rotate the nonce and may mark a stale one with stale=true, prompting the client to recompute without re-asking for a password.

What do nc and cnonce do?

When qop is present the client adds a client nonce (cnonce) and a nonce count (nc) — an 8-hex counter of how many times it has used this server nonce. They let the server detect replays and let the client contribute randomness, strengthening the digest against precomputed-table attacks.

Is Digest auth secure?

It avoids sending the password in cleartext (unlike Basic) and resists simple replay, but MD5 Digest is weak by modern standards and offers no body integrity by default. RFC 7616 added SHA-256 and qop=auth-int, but Digest should still only be used over TLS; prefer token-based auth for new systems.

What is qop=auth versus qop=auth-int?

qop=auth (authentication) protects only the request method and URI. qop=auth-int (authentication with integrity) also hashes the request body into HA2 as H(method:digestURI:H(entityBody)), protecting the payload from tampering at the cost of buffering the whole body.

HTTP Digest Auth Parameters

Email me this result

Get this tool's output sent to your inbox, plus one useful tool a week. No spam, unsubscribe any time.

HTTP Digest Authentication

Digest auth is an HTTP challenge-response scheme that proves knowledge of a password without sending it in cleartext, by hashing it together with a server nonce. This reference lists every parameter in the WWW-Authenticate challenge and the Authorization response, plus the exact hashing algorithm — and a live computer that reproduces the response value.

How it works

The server replies 401 with a challenge; the client answers with a hashed response. With qop=auth the algorithm (RFC 7616) is:

HA1 = H(username ":" realm ":" password)
HA2 = H(method ":" digestURI)
response = H(HA1 ":" nonce ":" nc ":" cnonce ":" qop ":" HA2)

H is the function named by algorithm — MD5 by default or SHA-256. The legacy form (no qop) is response = H(HA1 ":" nonce ":" HA2). With qop=auth-int, HA2 = H(method ":" digestURI ":" H(entityBody)) so the body is covered too. The client returns username, realm, nonce, uri, qop, nc, cnonce, response and echoes opaque.

Tips and notes

nc is an 8-digit hex counter that must increase for each request reusing the same nonce; the server rejects repeats to block replay.
A stale=true flag means the nonce expired but the credentials were fine — the client retries with a fresh nonce, no password prompt needed.
MD5 Digest is cryptographically weak; use SHA-256 where supported and always run Digest over TLS.
The browser-side computer below uses Web Crypto for SHA-256; MD5 is computed with a small built-in implementation since Web Crypto does not provide it.