[jdev] MD5 auth problem
Norman Rasmussen
norman at rasmussen.co.za
Thu May 25 07:56:43 CDT 2006
On 5/25/06, Tony Finch <dot at dotat.at> wrote:
> AFAIK most DIGEST-MD5 implementations keep bare passwords on the server,
> so a server compromise would expose them all.
It depends if it's a actual server compromise, or the attacker has
only been able subvert the client's connection.
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
More information about the JDev
mailing list