From 4da0d60e92af20bda681881810088f5a3977552b Mon Sep 17 00:00:00 2001
From: Arturo Bernal <abernal@apache.org>
Date: Fri, 1 Nov 2024 22:33:34 +0100
Subject: [PATCH] Increase MD5 cnonce length to 16 bytes for full 128-bit
 entropy

---
 .../java/org/apache/hc/client5/http/impl/auth/DigestScheme.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java
index a9b5d6a6e3..7e8a153a9f 100644
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java
@@ -556,7 +556,7 @@ static byte[] createCnonce(final String algorithm) {
                 break;
             case "MD5":
             default:
-                length = 8;
+                length = 16;
                 break;
         }
         final byte[] tmp = new byte[length];