[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure pop

> On Fri, 10 Sep 1999, Rick Ballard wrote:
> ~ 
> ~ Try setting up your pop clients and server to use APOP. It does not 
> ~ send passwords in the clear. I am using it with an exim server and 
> ~ pegasus clients. I think outlook can do APOP, but I'm not entirely 
> ~ sure.
>  hmm.. can you eleborate what authentication scheme does it use then?

APOP uses a shared secret and an MD5 hash of a timestamp from the 
server plus the shared secret. APOP gets around the problem of transmitting 
the POP password in the clear. It does not encrypt the message itself. Two 
clients that can use APOP are Eudora and Pegasus. The Qpopper and 
Pop3d POP servers can use APOP. See RFC1939. APOP is an optional 
command in the POP protocol, and so is not implemented in all servers or 

Rick Ballard
Halifax, Nova Scotia, Canada

Visit your host, monkey.org