First off, Online is right, the header you should be sending is Authorization, not Authentication. Other than that it seems, correct. According to RFC2617 which defines both the basic and digest authorization methods:
If the user agent wishes to send the userid "Aladdin" and password "open sesame", it would use the following header field:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
And indeed, //echo -a $encode(Aladdin:open sesame,m) does return that string.
Also, waiting for WWW-Authenticate doesn't seem like a good idea. According to the RFC, the server MAY send this header, but that doesn't mean it has to.
If that doesn't work, what I'd suggest you do is download a little program called netcat and make it "fake" an http server on your machine. You then want to make it send out the stuff to tell your browser to authenticate. Doing this will allow you to see exactly what your browser is sending to the server.
