Autor: Tamas TEVESZ Data: A: exim-users CC: pop-imap Assumpte: Re: [Exim] a more or less special mail solution
On Sat, 31 Aug 2002, Jeremy C. Reed wrote:
> Having the passwords stored encrypted and sending a shared secret and then
> hash back would be good.
no. it's impossible. you either store clear and transmit hash, or
transmit clear and store hash.
with cram (hmac), it's possible to _obfuscate_ the stored cleartext
password, but it's just obfuscation (xor, exactly).
> Anyone know of a POP3 (or related) standard that is commonly used by
> popular mail clients that does that?
none. and as long as it's hmac in use, there won't be any, either.