RE: Some comments on Digest Auth

David W. Morris (dwm@xpasc.com)
Wed, 21 Jan 1998 09:50:46 -0800 (PST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Paul Leach: "RE: Some comments on Digest Auth"
Previous message: David W. Morris: "RE: Some comments on Digest Auth"
In reply to: Paul Leach: "RE: Some comments on Digest Auth"

On Tue, 20 Jan 1998, Paul Leach wrote:

> irrelevant. The important property about plaintext is that it can be
> replayed. If Digest can be replayed, then it has the property of plaintext
> that we're trying to get rid of, and so we will have accomplished nothing.
> NOTHING!

No, the important property is that it allows recovery of passwords for
attack on other systems.

Dave Morris

Next message: Paul Leach: "RE: Some comments on Digest Auth"
Previous message: David W. Morris: "RE: Some comments on Digest Auth"
In reply to: Paul Leach: "RE: Some comments on Digest Auth"