Paste a challenge (optional)
Paste a WWW-Authenticate: Digest … or
Proxy-Authenticate: Digest … line straight from
a 401 / 407 response — the form below will pre-fill realm,
nonce, algorithm, and qop.
Compute the same response= hash a UA writes into
its Authorization: header — given the
WWW-Authenticate challenge, the user's password,
and the request. Supports MD5, MD5-sess, SHA-256, and
SHA-256-sess per RFC 7616 / 2617. Paste the challenge
line and the form auto-fills; paste an observed
response= to verify whether the credentials match.
Everything runs in your browser. The password and challenge you paste are never sent to any server — no network requests, no logging. Safe to use with real credentials.
Paste a WWW-Authenticate: Digest … or
Proxy-Authenticate: Digest … line straight from
a 401 / 407 response — the form below will pre-fill realm,
nonce, algorithm, and qop.
Authorization header HA1 = H(username:realm:password). The server stores HA1, not the password. With -sess the definition extends to H(H(username:realm:password):nonce:cnonce) so the same HA1 can't be replayed across sessions.
HA2 = H(method:digest-uri). With qop=auth-int it becomes H(method:digest-uri:H(entity-body)), so a man-in-the-middle that flips a byte of the SDP invalidates the digest.
With qop: response = H(HA1:nonce:nc:cnonce:qop:HA2). Without qop (RFC 2069 legacy): response = H(HA1:nonce:HA2). The server runs the same computation and compares — no password is ever transmitted.
The nonce is server-issued (one-time, time-bounded);
the cnonce is client-issued and required when qop is
set. The cnonce stops the server from being a chosen-plaintext
oracle for the client's HA1. RFC 7616 says cnonce SHOULD
be unpredictable — the Generate button here uses
crypto.getRandomValues.
An 8-hex-digit counter the client increments on every request that re-uses the same nonce. The server uses it to detect replay — if the same (nonce, nc) arrives twice, reject. Starts at 00000001.
RFC 8760 deprecates Digest with MD5 in SIP. MD5 is cryptographically broken — collision resistance is gone, and prefix attacks against HA1 are tractable on commodity hardware. Still, the vast majority of fielded SIP gear defaults to MD5. SHA-256 is the migration target, with SHA-512/256 available where supported.
401 Unauthorized challenges with
WWW-Authenticate and is answered with
Authorization; 407 Proxy Authentication
Required uses Proxy-Authenticate +
Proxy-Authorization. The digest math is identical
— just the header names change. The challenge parser
here accepts either.
If the server replies 401 stale=true, the password was right but the nonce has expired (or the nc was reused). The client should re-issue with the new nonce — the credentials are still valid.