From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Thu, 30 Jan 1997 00:14:23 -0600 From: Brandon Black photon@nol.net Subject: pop3 Topicbox-Message-UUID: 54bd51ee-eac8-11e9-9e20-41e7f4b1d025 Message-ID: <19970130061423.dTdPohSMU3XThNtyMipOLxSooJgzOocJL-NYFnHL0jw@z> On Wed, 29 Jan 1997, Russ Cox wrote: > >of secure authentication. if the client side had a useful operating > >system, you might interpose a `secure' connection between client and > >server, to prevent the password being seen. > > for that matter, if the client side had a useful operating > system, you could interpose a secure, authenticated connection > and not require a password. > > p.s. is apop somehow encrypted or disguised? i've only seen it > as an option in eudora. > Check out the rfc's I referred to (1731 and 1734 I _think_...)... They said something about "apop"... it had something to do with the server initially giving an identification message like: +OK Pop3 Server ready <123.45678@xxx.com> where xxx.com was the host, and 123 and 45678 were the pid of the server and some other number.. Then the user did a (md4 maybe?) hash of a string consisting of that server id string plus his/her password, and returned the hash to the server to authenticate... Or something like that... brandon ................................. .............. : Brandon Lee Black : [Office] :.............: [Personal] :.... :....................: brandon.black@wcom.com : photon@nol.net :....... : "Sanity is the : +1.281.362.6466 .......: photon@gnu.ai.mit.edu : : trademark of a :.................:..../\: vis_blb@unx1.shsu.edu : : weak mind. . ." : LDDS WorldCom, Inc. :\/: +1.281.397.3490 ......: :....................:.....................:..:.................: