# Firefox 93 is one of the first browsers to support SHA256 and SHA512 algorithms besides the old unsecure MD5 for Digest-Authentication



## obsigna (Oct 5, 2021)

Firefox 93 is the actual one in the ports and in the latest packages.

With that a 13 years old feature request has been finally closed:





						472823 - SHA 256 Digest Authentication
					

RESOLVED (gs-bugzilla.mozilla.org) in Core - Networking. Last updated 2022-02-27.




					bugzilla.mozilla.org
				




Perhaps not everybody knows it, 6 years ago, the RFC2617 about HTTP authentication was obsoleted by RFC7616 (among others).

RFC7616 brought to us SHA256 and SHA512 as the preferred hash algorithms for digest authentication, while it maintained the old MD5 algorithm for backwards compatibility.

Now, hurray, Firefox 93 has it, and reportedly Opera is the only other one which has it as well. In said thread on Bugzilla, I wrote a message on why this is important: https://bugzilla.mozilla.org/show_bug.cgi?id=472823#c14


> The reason why the "old kind of" digest authentication got very little interest nowadays is exactly because of the weakness of MD5, and because everybody has been told to go with TLS anyway so the authentication can be as simple as asking for a password on the web site and generate a session cookie. Simply ask the big five suppliers of firewall appliances how many DPI systems with TLS interception they deploy per year. How many people enter their private web-mailer from work, and don't even know that their login credentials would be visible to a dedicated company admin. How many people open the day or the other their WordPress Blog from behind a DPI-FW? The most critical part of this web-traffic are the credentials and these would be safe by SHA256-Digest-Authentication over TLS.
> 
> Another advantage of digest authentication compared to other web site authentication methods is, that the credentials are passed in the HTTP message header and not in the HTTP message body (not to be confused with HTML header/body). With digest authentication you could safely utilize HTTP message body compression without having to fear about the "BREACH" family of attacks.


Now, we need more support in web servers.

My own embedded web server which runs in FreeBSD on ARM SoCs and which I wrote in C for controlling electrochemical measurement devices does support it. Here is a session transcript from the debug console (only active on my development machine):

The web service asks for authentication, offering SHA256 besides the old MD5 algorithm:

```
HTTP/1.1 401 Unauthorized
Date: Tue, 05 Oct 2021 21:05:59 GMT
Server: CyControl/1.0 (r907M)
WWW-Authenticate: Digest realm="MyDevice",qop="auth",algorithm=SHA-256,nonce="5bbcbe824b4b4db3c6bb7fd1db6b941a5c715ff0245134c6e3a1b20d0d53296e00000000"
WWW-Authenticate: Digest realm="MyDevice",qop="auth",algorithm=MD5,nonce="5bbcbe824b4b4db3c6bb7fd1db6b941a5c715ff0245134c6e3a1b20d0d53296e00000000"
Content-Length: 176
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
```

Firefox 93 chooses the better authentication method SHA256 from the both which were offered:

```
GET /.cysim.html HTTP/1.1
Host: 192.168.0.17
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:93.0) Gecko/20100101 Firefox/93.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Authorization: Digest username="rolf", realm="MyDevice", nonce="5bbcbe824b4b4db3c6bb7fd1db6b941a5c715ff0245134c6e3a1b20d0d53296e00000000", uri="/.cysim.html", algorithm=SHA-256, response="9d130b3f2d9afd9a013fdd4b5338cd96c43ceeebdcedd16df831f8a60c17c501", qop=auth, nc=00000001, cnonce="303250ae0020844e"
```

There are some browsers for example Epiphany which do not work when more than one WWW-Authenticate headers are present, while others simply stay with MD5.

Anyway, this is a first big step, and it looks good.


----------



## msplsh (Oct 6, 2021)

Woah, that is great!  I like to use HTTP Auth despite the problems (low-grade key, always use a second method) but this will make it way more useful in more situations.


----------

