Tools / Security / Vol II

SIP Digest Authentication Calculator

Compute the same response= hash a UA writes into its Authorization: header — given the WWW-Authenticate challenge, the user's password, and the request. Supports MD5, MD5-sess, SHA-256, and SHA-256-sess per RFC 7616 / 2617. Paste the challenge line and the form auto-fills; paste an observed response= to verify whether the credentials match.

Everything runs in your browser. The password and challenge you paste are never sent to any server — no network requests, no logging. Safe to use with real credentials.

Paste a challenge (optional)

Paste a WWW-Authenticate: Digest … or Proxy-Authenticate: Digest … line straight from a 401 / 407 response — the form below will pre-fill realm, nonce, algorithm, and qop.

Credentials & request

MD5 is the SIP legacy default; SHA-256 is RFC 7616. The -sess variants pin HA1 to the nonce + cnonce, so an attacker can't re-use it across sessions.

The URI the client copies into uri= — usually the Request-URI of the protected request.

Result

Response computed
HA1
HA2
response
Full Authorization header
 

Reading the math

HA1 — the derived secret

HA1 = H(username:realm:password). The server stores HA1, not the password. With -sess the definition extends to H(H(username:realm:password):nonce:cnonce) so the same HA1 can't be replayed across sessions.

HA2 — the request fingerprint

HA2 = H(method:digest-uri). With qop=auth-int it becomes H(method:digest-uri:H(entity-body)), so a man-in-the-middle that flips a byte of the SDP invalidates the digest.

response — proof of knowledge

With qop: response = H(HA1:nonce:nc:cnonce:qop:HA2). Without qop (RFC 2069 legacy): response = H(HA1:nonce:HA2). The server runs the same computation and compares — no password is ever transmitted.

nonce vs cnonce

The nonce is server-issued (one-time, time-bounded); the cnonce is client-issued and required when qop is set. The cnonce stops the server from being a chosen-plaintext oracle for the client's HA1. RFC 7616 says cnonce SHOULD be unpredictable — the Generate button here uses crypto.getRandomValues.

nc — nonce count

An 8-hex-digit counter the client increments on every request that re-uses the same nonce. The server uses it to detect replay — if the same (nonce, nc) arrives twice, reject. Starts at 00000001.

Why MD5 is deprecated

RFC 8760 deprecates Digest with MD5 in SIP. MD5 is cryptographically broken — collision resistance is gone, and prefix attacks against HA1 are tractable on commodity hardware. Still, the vast majority of fielded SIP gear defaults to MD5. SHA-256 is the migration target, with SHA-512/256 available where supported.

401 vs 407 — same math

401 Unauthorized challenges with WWW-Authenticate and is answered with Authorization; 407 Proxy Authentication Required uses Proxy-Authenticate + Proxy-Authorization. The digest math is identical — just the header names change. The challenge parser here accepts either.

stale=true

If the server replies 401 stale=true, the password was right but the nonce has expired (or the nc was reused). The client should re-issue with the new nonce — the credentials are still valid.