Digest　Access　Authentication　was　originally　proposed　to　provide　peer　authentication　and　data　encryption　in　HTTP　protocols.　It　has　been　widely　employed　along　with　the　deployment　of　SASL.　In　this　paper,　we　implement　a　password　recovery　attack　to　Digest　Access　Authentication　that　can　recover　passwords　as　long　as　48　characters　in　overall　off-line　computation　about　2　35　MD5　compressions　and　8084　on-line　queries.　This　confirms　that　the　security　of　Digest　Access　Authentication　is　totally　broken,　and　all　applications　based　on　that　must　be　re-evaluated　seriously.　Further,　we　prove　that　the　security　of　the　hashing　scheme　H(CP),　where　H　is　a　hash　function,　C　is　a　challenge　and　P　is　a　shared　password,　is　totally　dependent　on　the　collision　resistance　of　H,　instead　of　the　pre-image　resistance.　Such　scheme　can＇t　be　used　in　challenge　and　response　protocols　to　protect　the　shared　password.　Finally,　we　prove　that　some　hashing　schemes　like　H(H(CP))　provide　no　more　security　than　H(CP),　in　the　aspect　of　collision　resistance.　©　2011　IEEE.