|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Authenticated POP (was Re: [Plug] Microsoft Striks [sic] Again)
|
Hello fellow PLUG members,
Actually, POP can support encrypted passowrds via the extension
referenced in RFC 1734, "POP3 AUTHentication command". Some POP clients
that support APOP include Microsoft Outlook Express, Eudora Lite,
and Claris EMailer. APOP-compliant POP servers include Qualcomm QPopper
2.2 and higher as well as Microsoft Exchange.
-Andrew
On Tue, 31 Aug 1999, Michael W. Ryan wrote:
> On Tue, 31 Aug 1999, Nick R wrote:
>
> > Umm, aren't the passwords encrypted?
>
> Nope. Only if the protocol supports encrypted passwords, and POP isn't
> one of them. POP is clear text. So is HTTP. If you capture packets,
> you can reconstruct a persons session VERBATIM, headers, content,
> everything.
>
> Michael W. Ryan, MCP, MCT | OTAKON 1999
> mryan@netaxs.com | Convention of Otaku Generation
> http://www.netaxs.com/~mryan/ | http://www.otakon.com/
>
> PGP fingerprint: 7B E5 75 7F 24 EE 19 35 A5 DF C3 45 27 B5 DB DF
> PGP public key available by fingering mryan@unix.netaxs.com (use -l opt)
>
>
> _______________________________________________
> Plug maillist - Plug@lists.nothinbut.net
> http://lists.nothinbut.net/mail/listinfo/plug
>
_______________________________________________
Plug maillist - Plug@lists.nothinbut.net
http://lists.nothinbut.net/mail/listinfo/plug
|
|