Re: [exim] Setup for authenticated submission

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jakob Hirsch
Date:  
À: Bill Hacker
CC: exim
Sujet: Re: [exim] Setup for authenticated submission
Bill Hacker wrote:

>> it is NOT required to use STARTTLS, many prefer to use
>> CRAM-MD5 or similar schemes which aren't vulnerable to sniffing.
> How, pray tell, is the know-long-ago-compromised MD5 less 'vulnerable'
> than the current higher-level releases of SSL/TLS?


It is surely not (and Kjetil did not write this), but MD5 is not
"compromised". There was a collision attack published in 2004, practical
consequences are yet to be proven (AFAIK).

I'd rather use TLS, of course.