Re: [exim] Setup for authenticated submission

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Jakob Hirsch
Ημερομηνία:  
Προς: Bill Hacker
Υ/ο: exim
Αντικείμενο: Re: [exim] Setup for authenticated submission
Bill Hacker wrote:

>> it is NOT required to use STARTTLS, many prefer to use
>> CRAM-MD5 or similar schemes which aren't vulnerable to sniffing.
> How, pray tell, is the know-long-ago-compromised MD5 less 'vulnerable'
> than the current higher-level releases of SSL/TLS?


It is surely not (and Kjetil did not write this), but MD5 is not
"compromised". There was a collision attack published in 2004, practical
consequences are yet to be proven (AFAIK).

I'd rather use TLS, of course.