基本认证和密码认证有什么区别?
[英]What is the difference between basic authentication and cryptographic authentication?
问题描述
What are the main differences between these two authentication methods? 
这两种身份验证方法之间的主要区别是什么?
And when would you use one over the other? 您什么时候可以使用另一个?
1 个解决方案
解决方案1
3 已采纳 2014-06-10 18:02:06
Basic authentication is just sending the username + password to the server . 基本身份验证只是将用户名和密码发送到服务器 。
Cryptographic authentication is a generic term that may include any kind of authentication that uses cryptographic algorithms to authenticate the entities. 密码认证是一个通用术语,可以包括使用密码算法对实体进行认证的任何类型的认证。 Most of the time it will consist of a challenge response protocol , where the response is created by encrypting or keyed hashing over the challenge. 大多数情况下,它将由质询响应协议组成 ,在该协议中 ,响应是通过对质询进行加密或密钥哈希来创建的。 As only the person that knows the key (/password) is able to create a cryptogram that way, the other party knows who has performed the authentication. 由于只有知道密钥(/密码)的人才能以这种方式创建密码,所以另一方知道谁执行了身份验证。
Note that basic authentication over SSL/TLS is may be more secure than cryptographic authentication over an unprotected http transport layer. 请注意,通过SSL / TLS进行基本身份验证可能比通过未受保护的http传输层进行密码身份验证更安全。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.