Auteur: Jakob Hirsch Date: À: Bill Hacker CC: exim Sujet: Re: [exim] Setup for authenticated submission
Bill Hacker wrote:
>> it is NOT required to use STARTTLS, many prefer to use
>> CRAM-MD5 or similar schemes which aren't vulnerable to sniffing.
> How, pray tell, is the know-long-ago-compromised MD5 less 'vulnerable'
> than the current higher-level releases of SSL/TLS?
It is surely not (and Kjetil did not write this), but MD5 is not
"compromised". There was a collision attack published in 2004, practical
consequences are yet to be proven (AFAIK).