On Wed, 2003-02-19 at 16:17, Kurt Bigler wrote:
>
> The requirement here is that
> HASHA(HASHB(x)) equals HASHB(HASHA(x)) and perhaps this is not achievable
> for existing HASHA functions in common use by client software. I don't know
> anything about CHAP or other methods - these are just thoughts.

Doesn't matter *how* you do the hashing. If the client always sends the same thing, then it's sending the plain text password. In order to send a different hash on each exchange, the server needs to generate random data and send it as a challenge, and then hash that data with the user's password, so that the client can do the same thing. One way or another, you have to either store the authentication token, or send it over the wire.

_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
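
The exchange described in the reply above, as an added example that is not part of the original message or of Courier's code: a client-side hash with no server input is identical on every login, while a challenge-response only verifies if the server keeps the shared secret. HMAC-SHA256, the class and function names, and the sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential, for illustration only.
PASSWORD = b"correct horse battery staple"

def static_hash_token(password: bytes) -> bytes:
    """Client-side hash with no server input: the same bytes on every login."""
    return hashlib.sha256(password).digest()

class ChallengeServer:
    """Server side: it must hold the secret itself to recompute a response."""
    def __init__(self, secret: bytes):
        self.secret = secret        # stored in a form usable as the HMAC key
        self.outstanding = set()    # challenges issued and not yet consumed

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)   # fresh random data per exchange
        self.outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self.outstanding:
            return False                      # unknown or already-used challenge
        self.outstanding.discard(challenge)   # each challenge is single use
        expected = hmac.new(self.secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(secret: bytes, challenge: bytes) -> bytes:
    """Client side: same keyed hash over the challenge the server sent."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

def demo() -> dict:
    server = ChallengeServer(PASSWORD)
    c1, c2, c3 = (server.new_challenge() for _ in range(3))
    r1 = client_response(PASSWORD, c1)
    return {
        "static_token_repeats": static_hash_token(PASSWORD) == static_hash_token(PASSWORD),
        "first_login_ok": server.verify(c1, r1),
        "replay_same_challenge": server.verify(c1, r1),
        "replay_on_new_challenge": server.verify(c2, r1),
        "fresh_response_ok": server.verify(c3, client_response(PASSWORD, c3)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The captured response `r1` is rejected both against its own consumed challenge and against a new one, which is the property a fixed hash sent on every login cannot provide.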
