[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-users] httpd and authentication

From: Giuseppe Modugno
Subject: [lwip-users] httpd and authentication
Date: Sat, 11 Nov 2017 08:16:29 +0100

I'd like to protect some or all web pages and show them only to authorized people. I understood there are two methods: basic and digest.

Basic is simpler, but it is unsecure (because it uses base64). In this case you need TLS.
Digest is more complicated but it is more secure (it uses MD5 algorithm and a nonce to protect data).

Are there some examples of both methods with lwip? 

I suppose TLS needs a cryptographic dedicated hw, right?
Is digest/MD5 really more secure than basic authentication? MD5 is only a hash algorithm. I think it is simple to decode username and password after sniffing nonce (send by the server) and hash (send by the client).

Any suggestion?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]