curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

use 'first hash' instead of password to do digest auth

From: Erik Janssen via curl-library <>
Date: Tue, 21 May 2019 16:13:18 +0000


Maybe this is not a curl question, and it is my lack of knowledge about storage of credentials getting in the way.

Reading made me realise that if I could store the username + password after first successful connection as "HA1", (thus: MD5(username:realm:password)), and reuse that value later on when the program runs again, then I can have reasonably secure storage of passwords in my application.

But libcurl would need to allow me obtaining that value, and passing HA1 later on instead of normal username+ password credentials, and of course authentication would have to be digest-only.

Does this make sense? Or is there a better/more common way for secure password storage I have overlooked.
Your feedback appreciated.



Received on 2019-05-21