Re: MD5 Passwords in MySql?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Further to our previous discussion on the possibility of storing hashed
passwords in the imap authentication database.

I draw your attention to: http://www.ietf.org/rfc/rfc2195.txt, which
abstract clearly states;

"This specification provides a simple challenge-response authentication
protocol that is suitable for use with IMAP4. Since it utilizes
Keyed-MD5 digests and does not require that the secret be stored in the
clear on the server".

While I don't fully understand the cryptography details of the proposal
it is clear that the requirement to avoid storing clear text passwords
while retaining the security advantages of challenge-response is
possible.

Is there the possibility to implement this?

Charles Bradshaw  

On Tue, 2013-03-26 at 08:00 -0400, Adam Tauno Williams wrote:
> On Tue, 2013-03-26 at 10:17 +0000, Charles Bradshaw wrote: 
> > Thanks Guys
> > I think it's finally sunk in. DIGEST-MD5 and CRAM-MD5 are mutually
> > exclusive with hashed passwords.
> > D'oh! I think I even posted that fact in answer to a previous thread.
> 
> No problem, it happens to us all.  Yesterday I posted two messages to
> lists relating to issues that as soon as I posted them I found the
> answers right there in the documentation.  Right there!  I swear I had
> already looked twice. 
> 
> 


----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus




[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux