HMAC Authentication REST

digest $=$ base$64$encode$($hmac$("$sha$256",$ "secret",

"GET$+/$users$/$username$/$account$"))$

GET$/$users$/$username$/$account HTTP$/1\mathrm{.}1$

Host:

example.org

Authentication: hmac username:$[$digest$]$

Which of the following statements about the snippet above is$/$are false?

Pick ONE OR MORE options

It is the most secure way to transmit credentials in HTTP headers for authentication and authorization in

REST API's when using GET.

A hacker listening for the above request will never be able to use the credentials to access any other

resource on the server.

The request can be made more secure by adding the 'Nonce' and 'Date' fields to the digest string.

Using the user's password instead of the text 'secret' will make the request more secure$.$