What is the purpose of base 64 encoding and why it used in HTTP Basic Authentication?

by

Base64 is not encryption — it’s an encoding. It’s a way of representing binary data using only printable (text) characters.

See this paragraph from the wikipedia page for HTTP Basic Authentication:

While encoding the user name and password with the Base64 algorithm typically makes them unreadable by the naked eye, they are as easily decoded as they are encoded. Security is not the intent of the encoding step. Rather, the intent of the encoding is to encode non-HTTP-compatible characters that may be in the user name or password into those that are HTTP-compatible.

More Related Contents:

  1. Fundamental difference between Hashing and Encryption algorithms
  2. Difference between Hashing a Password and Encrypting it
  3. Salt Generation and open source software
  4. Why is security through obscurity a bad idea? [closed]
  5. SHA512 vs. Blowfish and Bcrypt [closed]
  6. Encrypting/Hashing plain text passwords in database [closed]
  7. Are HTTPS headers encrypted?
  8. The necessity of hiding the salt for a hash
  9. Password hashing, salt and storage of hashed values
  10. Why is using a Non-Random IV with CBC Mode a vulnerability?
  11. What algorithm should I use to hash passwords into my database? [duplicate]
  12. Differences Between Rijndael and AES
  13. Is it worth encrypting email addresses in the database?
  14. Should I impose a maximum length on passwords?
  15. MD5 security is fine? [closed]
  16. What’s wrong with XOR encryption?
  17. XMLHttpRequest cannot load file. Cross origin requests are only supported for HTTP
  18. Why Does OAuth v2 Have Both Access and Refresh Tokens?
  19. Encrypt Password in Configuration Files? [closed]
  20. What is the best way to prevent session hijacking?
  21. How to restrict Firebase data modification?
  22. Will HTML Encoding prevent all kinds of XSS attacks?
  23. Are Google Cloud Functions protected from DDoS attacks?
  24. OAuth2 and Google API: access token expiration time?
  25. https URL with token parameter : how secure is it?
  26. SSL Error: unable to get local issuer certificate
  27. How to send password securely via HTTP using Javascript in absence of HTTPS?
  28. My website got hacked.. What should I do? [closed]
  29. Am I under risk of CSRF attacks in a POST form that doesn’t require the user to be logged in?
  30. Understanding CSRF

Leave a Comment