[Vmail-discuss] Re: vmail smtp auth

Donovan Craig support at mingle.com.au
Fri, 25 Jul 2003 17:00:17 +1000

Hi Jakob,

I understand that it is not possible to retrieve the original text
from an md5 string. However, what I am wanting to find out is if it is
possible to hash the sting that comes from the client then compare
this to the stored md5 sting.

Basically manipulate the string on the left to compare it with the
string on the right.

Am I totally lost here or does this make sense :)



On Fri, 25 Jul 2003 02:02:25 +0200
"Jakob Hirsch" <jh@plonk.de> was rumoured to have said:

> Donovan Craig wrote:
> > It would be perfect if we were able to:
> > successfully authenticate if md5(entered password) = mydbpassword
> With PLAIN and LOGIN this is no problem, since the password gets
> base64-encoded over the line.
> CRAM-MD5 is a challange-response method using MD5 as a one-way
> hashing method, so it is not possible to retrieve the password.
> _______________________________________________
> vmail-discuss mailing list
> vmail-discuss@lists.beasts.org
> http://lists.beasts.org/mailman/listinfo/vmail-discuss