Re: [Exim] CRAM-MD5 with no clear password

Author: Calum Mackay
Date:  
To: Nico Erfurth
CC: Silmar A. Marca, exim-users
Subject: Re: [Exim] CRAM-MD5 with no clear password
Nico Erfurth wrote:
> With CRAM the password is NEVER transmitted over the wire, CRAM means
> Challenge-Response-Authentication-Mechanism. The idea is to encrypt some
> random string with the password on both sides and compare the encrypted
> strings. So you need the PLAINTEXT passwords on both sides.


Actually, with the MD5 digest that's used in CRAM, this isn't the case,
I believe. It is possible to pre-compute part of the calculation, and
store this, instead of the plaintext password, at one end.

Not with exim currently mind you, but it is possible from an MD5 point
of view.

cheers,
c.