Mailing List SIMS@mail.stalker.com Message #12597
From: LuKreme <kremels@kreme.com>
Subject: Re: APOP.
Date: Wed, 26 Feb 2003 01:28:00 -0700
To: SIMS Discussions <SIMS@mail.stalker.com>
X-Mailer: Apple Mail (2.551)
On Tuesday, Feb 25, 2003, at 15:02 Canada/Mountain, Chris Wagner wrote:
The hash is sent over the network to the server. The server does the same
thing and if the hashes match the user's password is valid.

So the SIMS box verifies the "encrypted"/hashed password and if valid,
allows access.

No.  The password is never sent.

Let's say your password is "fred".

Some information from the greeting banner is encrypted using "fred" as the key (or seed).  The server then takes the encrypted string and sees if it matches ITS encryption of the same portion of the greeting banner.  If they match, the password is correct.

Wouldn't that tend to be more secure than leaving the other setting open?

I don't understand your question.  APOP is more secure than sending cleartext passwords.  This has nothing to do with any other server settings though, it only applies to the password phase.

--
If we get through this alive I'll meet you next week same place same time
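
The exchange discussed in this message, as an added example that is not part of the original post: in RFC 1939 the APOP digest is the MD5 of the banner timestamp (angle brackets included) followed by the shared secret, and the server recomputes it from its stored copy of the secret. The function names, the user name and the sample greeting are constructed for illustration; "fred" is the password from the message.

```python
import hashlib
import hmac
import re

# Timestamp challenge in the POP3 greeting, shaped like <unique@host> (RFC 1939)
_TIMESTAMP = re.compile(r"<[^<>\s]+@[^<>\s]+>")

def banner_timestamp(greeting):
    """Return the challenge from a +OK greeting, or None if APOP is not offered."""
    if not greeting.startswith("+OK"):
        return None
    m = _TIMESTAMP.search(greeting)
    return m.group(0) if m else None

def apop_digest(timestamp, secret):
    """Lowercase hex MD5 over timestamp + shared secret; the secret never leaves the host."""
    return hashlib.md5((timestamp + secret).encode("utf-8")).hexdigest()

def apop_command(greeting, user, secret):
    """Client side: build the APOP line from the server's greeting."""
    ts = banner_timestamp(greeting)
    if ts is None:
        raise ValueError("server did not offer an APOP timestamp")
    return f"APOP {user} {apop_digest(ts, secret)}"

def server_verify(issued_timestamp, command, secrets):
    """Server side: recompute the digest from the timestamp it issued for this
    connection and the stored secret, then compare in constant time."""
    parts = command.split(" ")
    if len(parts) != 3 or parts[0] != "APOP":
        return False
    _, user, digest = parts
    secret = secrets.get(user)
    if secret is None:
        return False
    expected = apop_digest(issued_timestamp, secret)
    return hmac.compare_digest(expected.encode(), digest.lower().encode())

# Constructed sample data (not from a real server)
SAMPLE_GREETING = "+OK POP3 server ready <4821.1046247000@mail.example.com>"
SAMPLE_SECRETS = {"alice": "fred"}

if __name__ == "__main__":
    cmd = apop_command(SAMPLE_GREETING, "alice", "fred")
    ts = banner_timestamp(SAMPLE_GREETING)
    print(cmd)
    print("same connection:", server_verify(ts, cmd, SAMPLE_SECRETS))
    # A captured command fails against the fresh timestamp of a later connection.
    print("replayed later: ", server_verify("<4822.1046247060@mail.example.com>", cmd, SAMPLE_SECRETS))
```

The server has to keep the secret in a form it can feed into the digest, so a leaked server-side secret store is equivalent to leaked passwords.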
