Author: Calum Mackay Date: To: Nico Erfurth CC: Silmar A. Marca, exim-users Subject: Re: [Exim] CRAM-MD5 with no clear password
Nico Erfurth wrote: > With CRAM the password is NEVER transmitted over the wire, CRAM means
> Challenge-Response-Authentication-Mechanism. The idea is to encrypt some
> random string with the password on both sides and compare the encrypted
> strings. So you need the PLAINTEXT passwords on both sides.
Actually, with the MD5 digest that's used in CRAM, this isn't the case,
I believe. It is possible to pre-compute part of the calculation, and
store this, instead of the plaintext password, at one end.
Not with exim currently mind you, but it is possible from an MD5 point
of view.