Does the CRAM-SHA1 process hand a string that the mail server can eventually extract a 'normal' SHA1 hash out of?
If so, then it would be trivial to support SHA1 hash compares if the password hash is stored as SHA1 in the directory server. Storing clear text passwords sucks, legal departments and mgmt frown on it.. Matt Pavlovich On Wed, 2003-02-19 at 14:38, Brian Candler wrote: > On Wed, Feb 19, 2003 at 10:28:56AM -0600, Matt Pavlovich wrote: > > How does CRAM-SHA1 differ from a standard SHA1 hash? > > SHA1 is just a hash; CRAM-SHA1 is a mechanism for authenticating someone > using a challenge-response exchange, which happens to use SHA1 as part of > its protocol. > > CRAM-MD5 is documented in RFC2195, which was "deliberately written to permit > easy upgrading to use SHA" (so I'm not sure if there's a separate document > on CRAM-SHA1 per se). > > Regards, > > Brian. -- Matt Pavlovich <[EMAIL PROTECTED]> Allegiance Telecom, Inc. ------------------------------------------------------- This SF.net email is sponsored by: SlickEdit Inc. Develop an edge. The most comprehensive and flexible code editor you can use. Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial. www.slickedit.com/sourceforge _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
