Re: [Exim] a more or less special mail solution

Pàgina inicial
Delete this message
Reply to this message
Autor: Tamas TEVESZ
Data:  
A: exim-users
CC: pop-imap
Assumpte: Re: [Exim] a more or less special mail solution
On Sat, 31 Aug 2002, Jeremy C. Reed wrote:

> Having the passwords stored encrypted and sending a shared secret and then
> hash back would be good.


no. it's impossible. you either store clear and transmit hash, or
transmit clear and store hash.

with cram (hmac), it's possible to _obfuscate_ the stored cleartext
password, but it's just obfuscation (xor, exactly).

> Anyone know of a POP3 (or related) standard that is commonly used by
> popular mail clients that does that?


none. and as long as it's hmac in use, there won't be any, either.


--
(void)