On Fri, 11 Aug 2000, Michael A. Johnson-Bio Sci Comp Svcs wrote:
> from my laptop at home). Consider it as secure as telnet, as the passwords
> transmit at clear text.
No they're not. My understanding is that the server sends the client a
block of data, and the client uses the password given to modify that data,
returning the modified data to the server. The server keeps a plaintext
password, modifies the original data the same way the client should, and
compares the two blocks.
My understanding is that the password protocol is not cryptographically
secure (it's vulnerable to attacks) but is is definately _not_ plaintext.
MSG
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
