
From: Brandon Black photon@nol.net
Subject: pop3
Date: Thu, 30 Jan 1997 00:14:23 -0600 (CST)

On Wed, 29 Jan 1997, Russ Cox wrote:

> >of secure authentication.  if the client side had a useful operating
> >system, you might interpose a `secure' connection between client and
> >server, to prevent the password being seen.
> 
> for that matter, if the client side had a useful operating
> system, you could interpose a secure, authenticated connection
> and not require a password.
> 
> p.s. is apop somehow encrypted or disguised?  i've only seen it
> as an option in eudora.
> 


Check out the RFCs I referred to (1731 and 1734 I _think_...)... They
said something about "apop"... it had something to do with the server
initially giving an identification message like:

+OK Pop3 Server ready <123.45678@xxx.com>

where xxx.com was the host, and 123 and 45678 were the pid of the server
and some other number..

Then the user did a (md4 maybe?) hash of a string consisting of that
server id string plus his/her password, and returned the hash to the
server to authenticate...

Or something like that...

brandon

.................................             ..............
: Brandon Lee Black  : [Office] :.............: [Personal] :....
:....................: brandon.black@wco... : photon@nol.net :.......
: "Sanity is the     : +1.281.362.6466 .......: photon@gnu... :
: trademark of a     :.................:..../\: vis_blb@unx... :
: weak mind. . ."    : LDDS WorldCom, Inc. :\/: +1.281.397.3490 ......:
:....................:.....................:..:.................:
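
Added example, not part of the original message: the challenge-response described above, as RFC 1939 defines APOP (the digest is MD5 over the greeting timestamp, angle brackets included, followed by the shared secret). The greeting is the one quoted in the message; the mailbox name `brandon`, the secret, and the second timestamp are constructed sample values, and the function names are this example's own.

```python
import hashlib
import hmac
import re

# Greeting timestamp: an RFC 822 msg-id, angle brackets included.
TIMESTAMP_RE = re.compile(rb"<[^<>\s]+@[^<>\s]+>")

def extract_timestamp(greeting: bytes):
    """Return the timestamp from a +OK greeting, or None if the server offers no APOP."""
    if not greeting.startswith(b"+OK"):
        return None
    m = TIMESTAMP_RE.search(greeting)
    return m.group(0) if m else None

def apop_digest(timestamp: bytes, secret: bytes) -> str:
    """MD5 over timestamp (with brackets) followed by the shared secret, lowercase hex."""
    return hashlib.md5(timestamp + secret).hexdigest()

def client_command(greeting: bytes, user: str, secret: bytes):
    """Build the APOP line, or None so the caller can refuse a cleartext fallback."""
    ts = extract_timestamp(greeting)
    if ts is None:
        return None
    return f"APOP {user} {apop_digest(ts, secret)}"

def server_verify(timestamp: bytes, secret: bytes, command: str) -> bool:
    """Check an APOP line against the timestamp issued on this connection."""
    parts = command.split(" ")
    if len(parts) != 3 or parts[0] != "APOP":
        return False
    expected = apop_digest(timestamp, secret).encode()
    return hmac.compare_digest(expected, parts[2].lower().encode())

if __name__ == "__main__":
    secret = b"example-secret"  # constructed sample value
    greeting = b"+OK Pop3 Server ready <123.45678@xxx.com>"  # banner from the message
    cmd = client_command(greeting, "brandon", secret)  # "brandon": sample mailbox name
    print(cmd)
    print("same connection:", server_verify(b"<123.45678@xxx.com>", secret, cmd))
    # A captured digest is useless once the server issues a new timestamp.
    print("replayed later: ", server_verify(b"<124.45999@xxx.com>", secret, cmd))
    print("no timestamp:   ", client_command(b"+OK ready", "brandon", secret))
```

Because both sides hash the secret itself, the server has to keep it in recoverable form; the digest only keeps the password off the wire and ties each response to one connection's timestamp.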