Understanding the MD5 Hash

An MD5 hash is used for sending hashed user credentials across a network within an HTTP header. An MD5 hash, also known as the MD5 message digest, is created by an HTTP 1.1-compliant browser, such as Internet Explorer 5.0 and later, using the MD5 message-digest algorithm as defined in RFC 1321.

Note   The MD5 hash is a security improvement over base64-encoded clear-text passwords, because a base64-encoded password that is intercepted with a network sniffer is trivial for an unauthorized person to decode and use. A user name and password that are hashed using the MD5 message-digest algorithm cannot feasibly be recovered from the hash.

An MD5 hash contains the user's name, the password, and the name of the realm. The realm is the domain that will authenticate or reject the user's credential. The user's credential is the password that is hashed within the MD5 hash.
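The following added example is not part of the original documentation. It builds the hash described above using the Digest construction from RFC 2617 (an assumption, since this page cites only RFC 1321), shows a server checking it against a stored value, and contrasts it with decoding a base64 Basic header. The credentials and nonce values are the sample values from RFC 2617 section 3.5; all function names are illustrative.

```python
import base64
import hashlib
import hmac

# Sample values from the RFC 2617 section 3.5 example (not real credentials).
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
URI, NONCE = "/dir/index.html", "dcd98b7102dd2f0e8b11d0f600bfb0c093"
NC, CNONCE = "00000001", "0a4f113b"


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username, realm, password):
    # The hash this page describes: user name, realm and password together.
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    # Value sent in the Authorization header; it is bound to the server nonce,
    # so a captured response is not valid for a different nonce.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify(stored_ha1, received, method, uri, nonce, nc, cnonce):
    # Server side: recompute from the stored HA1 and compare in constant time.
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, received)


def basic_header(username, password):
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic(header_value):
    # Basic authentication is only an encoding: no secret is needed to reverse it.
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


if __name__ == "__main__":
    resp = digest_response(ha1(USER, REALM, PASSWORD), "GET", URI, NONCE, NC, CNONCE)
    print("Digest response:", resp)
    print("Basic decoded: ", decode_basic(basic_header(USER, PASSWORD)))
```

The server in this sketch only needs the stored HA1 value, never the clear-text password, to validate a request.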

For information about setting the realm name on an IIS server, see Configuring Digest Authentication or Configuring Advanced Digest Authentication.

MD5 Hash Properties

An MD5 hash consists of a small amount of binary data, typically no more than 160 bits, and is sent across the network within an HTTP header. All hash values share the following properties:

For more information about the MD5 hash (message-digest) algorithm, see RFC 1321.


© 1997-2001 Microsoft Corporation. All rights reserved.