What is the purpose of base 64 encoding and why is it used in HTTP Basic Authentication?

Base64 is not encryption -- it's an encoding. It's a way of representing binary data using only printable (text) characters.

See this paragraph from the Wikipedia page for HTTP Basic Authentication:

While encoding the user name and password with the Base64 algorithm typically makes them unreadable by the naked eye, they are as easily decoded as they are encoded. Security is not the intent of the encoding step. Rather, the intent of the encoding is to encode non-HTTP-compatible characters that may be in the user name or password into those that are HTTP-compatible.


It's normally called base64 encoding, not encryption! The nice thing about base64 encoding is it allows you to represent (binary) data using only a limited, common subset of the available characters, far more efficiently than just writing a string of 1s and 0s as ASCII, for example.


Encryption requires a key (string or algorithm) in order to decrypt; hence the "crypt" (root: cryptography).

Encoding modifies/shifts/changes a character code into another. In this case, usual bytes of data can now be easily represented and transported using HTTP.
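
The point made in the answers above, as an added example that is not part of any original answer: building a Basic `Authorization` header value and recovering the credentials from it with no key at all. The function names are hypothetical, and encoding the credentials as UTF-8 is an assumption of this sketch.

```python
import base64
from typing import Tuple


def build_basic_header(username: str, password: str) -> str:
    """Return the Authorization header value for HTTP Basic authentication."""
    if ":" in username:
        # The first ':' separates user from password, so the user name cannot hold one.
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")  # assumption: UTF-8 credentials
    # Base64 maps arbitrary bytes onto a small ASCII alphabet that is safe in a header.
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_header(value: str) -> Tuple[str, str]:
    """Recover (username, password) from a Basic header value. No secret is needed."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic credential")
    try:
        text = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError("malformed Basic credential") from exc
    username, sep, password = text.partition(":")  # split on the FIRST colon only
    if not sep:
        raise ValueError("missing ':' separator")
    return username, password


if __name__ == "__main__":
    # Constructed sample credentials, including non-ASCII characters and extra colons.
    header = build_basic_header("alice", "pässwörd:with:colons")
    print(header)                      # printable ASCII only
    print(parse_basic_header(header))  # anyone who sees the header can do this
```

Because decoding needs nothing but the header itself, the credentials are only as confidential as the channel carrying them, which is why Basic authentication is paired with TLS.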