"Kurt D. Zeilenga" wrote: > >I'm sure that I'm missing something very basic. > > The intent of DIGEST-MD5 is to offer relatively strong > authentication services between the client and the server > at low cost. Can somebody eavesdrop and extract response value (section 2.1.2.1) from the digest response and use the same response value to authenticate later ?