On Mon, 12 Mar 2001, Byung Jin Chun wrote:
> JMHO,
> but I think the point is if you have ssl available, why send
> a digest, and if you don't, then you are sending the md5 digest
> in the clear where it can be sniffed.
This is why you use the challenge-response. The server gives a challenge
(like the current time in millis). The server stores this. The client
combines the challenge with the password (with concatenation, or other
technique). THIS combined string is hashed. This hash is sent to the
server. The server can calculate the same hash because it sent out the
challenge in the first place.
Like APOP...
Joe Laffey
LAFFEY Computer Imaging
St. Louis, MO
----------------------
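
The exchange described in the message above, as an added example that is not part of the original post. It assumes a random nonce in place of the time-in-millis challenge and HMAC-SHA256 as the "other technique" for combining challenge and password (APOP itself uses MD5 over the concatenation); the class, function names and the sample user are hypothetical.

```python
import hashlib
import hmac
import secrets


def client_response(challenge, password):
    # Client side: combine the challenge with the password and hash the result.
    # HMAC-SHA256 is an assumption standing in for concatenation + MD5.
    return hmac.new(password.encode(), challenge.encode(), hashlib.sha256).hexdigest()


class Server:
    """Stores the shared passwords and the challenge it last sent to each user."""

    def __init__(self, users):
        self.users = users    # username -> password (constructed sample data)
        self.pending = {}     # username -> outstanding challenge

    def issue_challenge(self, user):
        # A random nonce is used so the challenge is unpredictable and never repeats.
        challenge = secrets.token_hex(16)
        self.pending[user] = challenge
        return challenge

    def verify(self, user, response):
        # pop() makes each challenge single-use, so a sniffed response
        # cannot be replayed against the same challenge.
        challenge = self.pending.pop(user, None)
        password = self.users.get(user)
        if challenge is None or password is None:
            return False
        # The server recomputes the hash because it sent out the challenge itself.
        expected = client_response(challenge, password)
        return hmac.compare_digest(expected, response)


def demo():
    server = Server({"alice": "correct horse"})
    c1 = server.issue_challenge("alice")
    sniffed = client_response(c1, "correct horse")
    first = server.verify("alice", sniffed)    # fresh challenge, right password
    replay = server.verify("alice", sniffed)   # challenge already consumed
    server.issue_challenge("alice")
    stale = server.verify("alice", sniffed)    # old response, new challenge
    return first, replay, stale


if __name__ == "__main__":
    print(demo())
```

The server has to hold the password itself (or an equivalent secret) to recompute the hash, which is the storage trade-off of this scheme.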