Re: How secure is your e-mail password?



On Mon, 20 Sep 2010 14:42:13 +0200, Anonymous Remailer (austria) wrote:

http://news.cnet.com/8301-27080_3-20016442-245.html?tag=topImage3

I don't understand why most POP email is still authenticated using
cleartext passwords instead of digest (hash) based authentication (which
doesn't send the password itself but a hash of the password). Anyone can
steal your e-mail password by simply monitoring on a public network.

That's also true if you send a hash of the password, rather than
the password itself, in the clear. It makes no difference to the attacker
what the original password may have been.
.



Relevant Pages

  • Re: Windows authentification : HTTP header "AUTHORIZATION" ?
    ... Digest also does not transmit the password clear-text; rather, a hash of the ... use Basic authentication (or ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: [Full-disclosure] JavaScript exploits via source code disclosure
    ... Hash: SHA1 ... If his users are authenticated via say regular form login, ... pass some sort of hash which identifies the user and session to the ... authentication, your webservice's are just as public as any ...
    (Full-Disclosure)
  • RE: Windows NTFS Authentication Caching
    ... Subject: Windows NTFS Authentication Caching ... I believe Carol means that they have an NT Box running IIS as their ... This hash is stored on the server. ...
    (Security-Basics)
  • Re: How secure is your e-mail password?
    ... cleartext passwords instead of digest based authentication (which ... doesn't send the password itself but a hash of the password). ... steal your e-mail password by simply monitoring on a public network. ...
    (sci.crypt)
  • Re: Validate user/pass with Windows accounts
    ... Why I don't use standard NT authentication mecanism? ... NT security haven't been designed for Remoting. ... it shouldn't be a problem passing the password simply ... What's important is to only store a hash. ...
    (microsoft.public.dotnet.security)