Whitepaper – Weaning the Web off of Session Cookies: Making Digest Authentication Viable

by Timothy D. Morgan

In this paper, we compare the security weaknesses and usability limitations of both cookie-based session management and HTTP digest authentication, demonstrating how digest authentication is clearly the more secure system in practice. We propose several small changes in browser behavior and HTTP standards that will make HTTP authentication schemes, such as …

Whitepaper – HTTP Digest Integrity: Another look, in light of recent attacks

by Timothy D. Morgan

Recent history has proven that web communications security is highly lacking in redundancy. That is, simple breaks in common protocols, such as SSL/TLS or the authentication mechanisms which support it, often lead to catastrophic gaps in security. Recent examples of this fragile architecture abound, and even when protocols and implementations themselves …