On 21 Oct 2005, at 08:08, Bernd Wurst wrote:

> Hi.
>
> On Thursday, 20 October 2005 20:29, Phillip Hutchings wrote:
>> I think most people would agree that storing clear text passwords is
>> preferable to transmitting clear text passwords across the internet.
>
> I don't agree. Storing cleartext passwords has two weak points:
> 1. all users must *ultimately* trust the admin
> 2. If someone cracks the backend (e.g. LDAP), all passwords of all users
> are known.

1. If you can't trust the admin you can't trust the server. I wouldn't put my mail in the hands of an admin I don't trust.

2. Definitely a weak point, but everything has one. In my case I need to support users with cellphones that don't support SSL, so I have to allow MD5 authentication - it's the lesser of two evils.

> Both lead to the situation that users should not use passwords that are
> used anywhere else. If one has *many* accounts, this is unacceptable.
> Just disable any kind of non-SSL authentication and you don't have
> problems with plaintext transmission. To spy inside an SSL connection,
> the only point to attack is a memory trace of the running daemon
> process; when there's no connection, no cleartext password is available.

Of course, if you can't trust the application...

-- 
Phillip Hutchings
[EMAIL PROTECTED]
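As an added example (not part of this thread or of any mail server's code), the following shows the trade-off the two posters are arguing about: a CRAM-MD5 (RFC 2195) login can only be verified by a server that holds the cleartext password, while a salted-hash store can only verify a password the client sends in cleartext inside TLS. The user name, password, salt and challenge are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample credential, stored in the two forms the thread contrasts.
USER = "alice"
PASSWORD = "correct horse battery"   # constructed sample secret
SALT = b"constructed-fixed-salt"     # fixed only so the example is deterministic

def cleartext_record(password):
    """Store the password as-is: required to offer CRAM-MD5 (RFC 2195)."""
    return {"scheme": "PLAIN", "secret": password}

def hashed_record(password, salt=SALT):
    """Store only a salted slow hash: a backend compromise leaks no passwords."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"scheme": "PBKDF2-SHA256", "salt": salt, "digest": digest}

def cram_md5_response(user, password, challenge):
    """Client side of CRAM-MD5: HMAC-MD5 keyed with the password over the challenge."""
    mac = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{user} {mac}"

def verify_cram_md5(record, challenge, response):
    """Server side of CRAM-MD5: recomputing the HMAC needs the cleartext password."""
    if record["scheme"] != "PLAIN":
        return False   # a hashed store cannot key the HMAC, so CRAM-MD5 cannot be offered
    _user, mac = response.split(" ", 1)
    expected = hmac.new(record["secret"].encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, mac)

def verify_plain(record, password):
    """Server side for a cleartext password sent inside TLS: works with either store."""
    if record["scheme"] == "PLAIN":
        return hmac.compare_digest(record["secret"].encode(), password.encode())
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], 100_000)
    return hmac.compare_digest(digest, record["digest"])

def demo():
    """Run both login styles against both stores and report which combinations verify."""
    challenge = b"<1896.697170952@example.invalid>"   # constructed challenge, RFC 2195 format
    clear, hashed = cleartext_record(PASSWORD), hashed_record(PASSWORD)
    response = cram_md5_response(USER, PASSWORD, challenge)
    return {
        "cram_md5_with_cleartext_store": verify_cram_md5(clear, challenge, response),
        "cram_md5_with_hashed_store": verify_cram_md5(hashed, challenge, response),
        "plain_over_tls_with_hashed_store": verify_plain(hashed, PASSWORD),
        "plain_wrong_password_rejected": not verify_plain(hashed, "wrong"),
    }
```

The hashed store gives the second property Bernd wants (a cracked backend yields no passwords) but cannot serve clients that only speak CRAM-MD5, which is exactly why a cleartext store plus SSL-only transport is the alternative the thread discusses.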
