Bill Hacker wrote: >> it is NOT required to use STARTTLS, many prefer to use >> CRAM-MD5 or similar schemes which aren't vulnerable to sniffing. > How, pray tell, is the know-long-ago-compromised MD5 less 'vulnerable' > than the current higher-level releases of SSL/TLS?
It is surely not (and Kjetil did not write this), but MD5 is not "compromised". There was a collision attack published in 2004, practical consequences are yet to be proven (AFAIK). I'd rather use TLS, of course. -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/