Re: [exim] Setup for authenticated submission

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M--\Matthew Byng-Maddick at <-
M+\MJakob Hirsch at ->
Delete this message
Reply to this message
Author: Jakob Hirsch
Date:  
To: Bill Hacker
CC: exim
Subject: Re: [exim] Setup for authenticated submission
Bill Hacker wrote:

>> it is NOT required to use STARTTLS, many prefer to use
>> CRAM-MD5 or similar schemes which aren't vulnerable to sniffing.
> How, pray tell, is the know-long-ago-compromised MD5 less 'vulnerable'
> than the current higher-level releases of SSL/TLS?

It is surely not (and Kjetil did not write this), but MD5 is not
"compromised". There was a collision attack published in 2004, practical
consequences are yet to be proven (AFAIK).

I'd rather use TLS, of course.


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Setup for authenticated submissionRE: [exim] best practices for set up and authentication->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)