Firewall Wizards mailing list archives
Re: APOP and qpopper2.4, how safe?
From: daemond () ibm net
Date: Wed, 10 Dec 1997 01:20:07 -0500 (EST)
----------------------------------------------------------------------------- Spammers beware: I do not buy from companies that spam! ***************************************************************************** On Tue, 9 Dec 1997, Dave Roberts wrote: *->On Mon, 8 Dec 1997, Marc Goldburg wrote: *-> *->> One option would be to have these people get accounts with local ISP's and *->> then use APOP over the internet to retrieve their mail. Lost the original persons e-mail, but needed to ask this: APOP uses an encrypted password, but does this change from session to session? If not then APOP is not really much more secure than regular POP (since all a hacker needs to do to get a persons e-mail is to replay the encrypted password). The only upside I can see is that it denies a hacker shell or ftp access using that persons account (provided that no one figures out how to decrypt an encrypted APOP password). Geoff daemond () ibm net
Current thread:
- APOP and qpopper2.4, how safe? Marc Goldburg (Dec 08)
- Re: APOP and qpopper2.4, how safe? Dave Roberts (Dec 09)
- Re: APOP and qpopper2.4, how safe? daemond (Dec 11)
- Re: APOP and qpopper2.4, how safe? Dave Roberts (Dec 11)
- Re: APOP and qpopper2.4, how safe? daemond (Dec 11)
- Re: APOP and qpopper2.4, how safe? Dave Roberts (Dec 09)