strange behaviour authenticating to IMAP server with squirrelmail
Vladislav Kurz
vladislav.kurz at webstep.net
Mon Oct 9 08:37:42 EDT 2017
Dne Po 9. října 2017 13:25:12, Sebastian Hagedorn napsal(a):
> MD5 + TLS is still better than plaintext + TLS, IMHO. It's true that MD5 in
> itself doesn't do much good anymore, but I prefer it anyway.
>
> --On 9. Oktober 2017 um 11:47:46 +0100 Merlin Hartley
>
> <merlin at mrc-mbu.cam.ac.uk> wrote:
> > Why would you want to, you are already using TLS so what do you expect to
> > gain? plaintext+TLS
> >
> > md5 suffers from multiple inadequacies - so it seems pretty pointless to
> > me.
Hello,
I find the *-md5 (and all auxprop) authentications a bit of a problem as you
have to store passwords in plaintext on the server. Which imho is much higher
risk (stealing all passwords at once), than plaintext password + TLS.
Best regards
Vladki
More information about the Info-cyrus
mailing list