Re: does popa3d support apop?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: does popa3d support apop?
- From: "David S." <davids_(_at_)_idiom_(_dot_)_com>
- Date: Wed, 21 May 2003 15:18:46 -0700
> > As mentioned previously stunnel, courier-imap etc will solve the
> > in the clear issue w/ POPS and IMAPS. APOP opens a whole new can of worms IMO.
> Worms? Can you elaborate on that? I don't quite understand what you mean (but
> I don't know that much about APOP :)
APOP uses a challenge-response authentication protocol, rather than
transmitting plain-text passwords over the wire like ordinary POP.
That provides some protection for POP passwords, but not very much,
because challenge-response protocols are quite vulnerable to
dictionary attacks. The risk becomes greater if your APOP users
also have shell accounts on the system, in which case they may be
tempted to synchronize their log-in and APOP passwords for the
sake of convenience.
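
The exchange described in the message above, as an added example that is not part of the original post: per RFC 1939 the APOP response is the hex MD5 of the server's greeting timestamp followed by the shared secret, so the two values that cross the wire are enough to test candidate secrets offline. The challenge string, host name, secrets and wordlist are constructed for illustration, and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample greeting timestamp; a real server generates a fresh one per connection.
CHALLENGE = "<4242.1053555526@pop.example.org>"

# Constructed sample wordlist standing in for a password-audit dictionary.
WORDLIST = ["password", "letmein", "sunshine", "qwerty", "openbsd"]


def apop_digest(challenge, secret):
    """Client side: hex MD5 of the challenge followed by the shared secret."""
    return hashlib.md5((challenge + secret).encode("utf-8")).hexdigest()


def server_verify(challenge, digest, stored_secret):
    """Server side: recompute from the stored secret, compare in constant time."""
    expected = apop_digest(challenge, stored_secret)
    return hmac.compare_digest(expected, digest)


def exposed_by_wordlist(challenge, digest, wordlist):
    """Audit check: the challenge and digest are both sent in the clear, so
    each candidate can be tested with the same computation the server uses.
    Returns the matching candidate, or None if the wordlist does not cover it."""
    for candidate in wordlist:
        if server_verify(challenge, digest, candidate):
            return candidate
    return None


def audit(secret):
    """Run one APOP exchange for `secret` and report what the wire reveals."""
    digest = apop_digest(CHALLENGE, secret)           # sent by the client
    assert server_verify(CHALLENGE, digest, secret)   # accepted by the server
    return {
        "secret_on_wire": secret in (CHALLENGE + digest),
        "recovered": exposed_by_wordlist(CHALLENGE, digest, WORDLIST),
    }


if __name__ == "__main__":
    # A dictionary word is recovered from the exchange; a random secret is not.
    print("weak  :", audit("sunshine"))
    print("strong:", audit(secrets.token_urlsafe(24)))
```

The password itself never appears on the wire in either case; the difference is only whether the secret is guessable, which is why reusing a log-in password as the APOP secret raises the stakes.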