strange behaviour authenticating to IMAP server with squirrelmail

Vladislav Kurz vladislav.kurz at webstep.net
Mon Oct 9 08:37:42 EDT 2017


Dne Po 9. října 2017 13:25:12, Sebastian Hagedorn napsal(a):
> MD5 + TLS is still better than plaintext + TLS, IMHO. It's true that MD5 in
> itself doesn't do much good anymore, but I prefer it anyway.
> 
> --On 9. Oktober 2017 um 11:47:46 +0100 Merlin Hartley
> 
> <merlin at mrc-mbu.cam.ac.uk> wrote:
> > Why would you want to, you are already using TLS so what do you expect to
> > gain? plaintext+TLS
> > 
> > md5 suffers from multiple inadequacies - so it seems pretty pointless to
> > me.

Hello,

I find the *-md5 (and all auxprop) authentications a bit of a problem as you 
have to store passwords in plaintext on the server. Which imho is much higher 
risk (stealing all passwords at once), than plaintext password + TLS.


Best regards
Vladki


More information about the Info-cyrus mailing list