Re: [Exim] SMTP AUTH process

Top Page
Delete this message
Reply to this message
Author: Rick Ennis
Date:  
To: John Burnham
CC: exim-users
Subject: Re: [Exim] SMTP AUTH process
> > OR, are most people that are setting up SMTP AUTH also using TLS??
> There is that. But you're misunderstanding how CRAM-MD5 works. Have a
> quick look at http://www.krkeegan.com/smtp_auth/


Aha! That explains it. So it's not sending the same MD5 hash of the
secret each time. It's using the secret to hash the ticket/test string
that the server sends. Or vice versa. But the point being that it's using
the server's string which is constantly changing. So it's not static text.
That makes a great deal more sense. Thanks for the info and quick
response.

Rick

----- Original Message -----
From: "John Burnham" <jpb@???>
To: "Rick Ennis" <ennis@???>
Sent: Thursday, May 02, 2002 12:42 PM
Subject: Re: [Exim] SMTP AUTH process


>
> > OR, are most people that are setting up SMTP AUTH also using TLS??
>
> There is that. But you're misunderstanding how CRAM-MD5 works. Have a
> quick look at http://www.krkeegan.com/smtp_auth/
> or
> http://www.ritlabs.com/securebat/authentication.html
> John
>
>
>