Yes, the RTSP digest authentication protocol is secure; passwords do not get
sent over the net.
Instead, the way it works is that the server sends, to the client, a randomly
generated string (i.e., different each time) - called a “nonce”; see
https://en.wikipedia.org/wiki/Cryptographic_nonce
- as a challenge. The client then responds by computing a cryptographic hash
of the “nonce” and the password, and sending this hash back to the server.
(The cryptographic hash cannot practically be reversed, so an eavesdropper
cannot deduce the password from the hash.) The server then compares this hash
with what it knows that the hash should be (from its known password), to check
whether the client knew the correct password.
Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
_______________________________________________
live-devel mailing list
[email protected]
http://lists.live555.com/mailman/listinfo/live-devel
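The challenge/response exchange described in the message above, as an added example that is not part of the original post and is not LIVE555 code. It uses the RFC 2617 digest formula without `qop`, which also mixes the username, realm, request method and URI into the hash alongside the nonce and password; the account, realm, URL and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def new_nonce() -> str:
    """Server side: a fresh random challenge, sent in each 401 response."""
    return secrets.token_hex(16)

def digest_response(username, realm, password, nonce, method, uri) -> str:
    """Client side: RFC 2617 digest (no qop). Only this value is sent."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")  # secret-dependent part
    ha2 = md5_hex(f"{method}:{uri}")                 # binds the request line
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def server_verify(known_password, username, realm, nonce, method, uri, received) -> bool:
    """Server side: recompute from the known password and compare."""
    expected = digest_response(username, realm, known_password, nonce, method, uri)
    # Constant-time comparison so the check does not leak matching prefixes.
    return hmac.compare_digest(expected, received)

# Constructed sample values (assumptions, not taken from the post).
USER, REALM, PASSWORD = "viewer", "Example Streaming Server", "correct horse"
METHOD, URI = "DESCRIBE", "rtsp://camera.example/stream1"

def demo() -> dict:
    nonce = new_nonce()  # challenge for this session
    good = digest_response(USER, REALM, PASSWORD, nonce, METHOD, URI)
    bad = digest_response(USER, REALM, "wrong guess", nonce, METHOD, URI)
    later_nonce = new_nonce()  # server issues a different challenge next time
    return {
        "accepted": server_verify(PASSWORD, USER, REALM, nonce, METHOD, URI, good),
        "wrong_password": server_verify(PASSWORD, USER, REALM, nonce, METHOD, URI, bad),
        # A response captured earlier does not match a later challenge.
        "replayed": server_verify(PASSWORD, USER, REALM, later_nonce, METHOD, URI, good),
        "password_in_response": PASSWORD in good,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```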