
On Tue, 9 Apr 1996 11:58:34 -0400 (EDT), you wrote:
AFAIK, none. I don't see how this would be helpful anyway. If you MD5 the password, I won't be able to snoop the password off the wire, but I can simply snoop the MD5 hash off the wire instead and since that's what your authentication check must now be against, what does this buy you?
It could be implemented thus: Server and client have a shared secret. The server sends the time, or some random # to the client which MD5's this number and the secret, and sends the result back to the server which then checks it. Similar to the APOP command for POP3 that I've never seen implemented.

Brian
------- <blane@aa.net> -------------------- <http://www.aa.net/~blane> -------
Embedded Systems Programmer, EET Student, Interactive Fiction author (RSN!)
============== 11 99 3D DB 63 4D 0B 22 15 DC 5A 12 71 DE EE 36 ============
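
The challenge-response exchange described in the reply above, as an added example that is not part of the original message. It shows why a digest snooped off the wire cannot be reused. The `Server` class, the `respond` function, the concatenation order and the secret value are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def respond(shared_secret: bytes, challenge: bytes) -> str:
    """Client side: digest of the server's challenge plus the shared secret.
    MD5 is used because the message names it; a current design would use
    HMAC with SHA-256 instead."""
    return hashlib.md5(challenge + shared_secret).hexdigest()


class Server:
    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self._outstanding = set()  # challenges issued but not yet answered

    def issue_challenge(self) -> bytes:
        # A fresh random value per login attempt, sent in the clear.
        challenge = secrets.token_hex(16).encode()
        self._outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: str) -> bool:
        # Each challenge is accepted once, so a captured
        # (challenge, response) pair is worthless afterwards.
        if challenge not in self._outstanding:
            return False
        self._outstanding.discard(challenge)
        expected = respond(self._secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    secret = b"constructed-shared-secret"  # constructed sample value
    server = Server(secret)

    c1 = server.issue_challenge()
    r1 = respond(secret, c1)            # what an eavesdropper would see
    legitimate = server.verify(c1, r1)

    replay_same = server.verify(c1, r1)  # same pair replayed: challenge spent
    c2 = server.issue_challenge()
    replay_new = server.verify(c2, r1)   # old digest against a new challenge
    c3 = server.issue_challenge()
    wrong_secret = server.verify(c3, respond(b"guess", c3))
    return legitimate, replay_same, replay_new, wrong_secret


if __name__ == "__main__":
    print(demo())
```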