MD5 Passwords in MySql?
Charles Bradshaw
brad at bradcan.homelinux.com
Fri Apr 12 09:08:40 EDT 2013
Further to our previous discussion on the possibility of storing hashed
passwords in the imap authentication database.
I draw your attention to: http://www.ietf.org/rfc/rfc2195.txt, which
abstract clearly states;
"This specification provides a simple challenge-response authentication
protocol that is suitable for use with IMAP4. Since it utilizes
Keyed-MD5 digests and does not require that the secret be stored in the
clear on the server".
While I don't fully understand the cryptography details of the proposal
it is clear that the requirement to avoid storing clear text passwords
while retaining the security advantages of challenge-response is
possible.
Is there the possibility to implement this?
Charles Bradshaw
On Tue, 2013-03-26 at 08:00 -0400, Adam Tauno Williams wrote:
> On Tue, 2013-03-26 at 10:17 +0000, Charles Bradshaw wrote:
> > Thanks Guys
> > I think it's finally sunk in. DIGEST-MD5 and CRAM-MD5 are mutually
> > exclusive with hashed passwords.
> > D'oh! I think I even posted that fact in answer to a previous thread.
>
> No problem, it happens to us all. Yesterday I posted two messages to
> lists relating to issues that as soon as I posted them I found the
> answers right there in the documentation. Right there! I swear I had
> already looked twice.
>
>
More information about the Info-cyrus
mailing list