[standards-jig] auth & reg redux

Jacek Konieczny jajcus at bnet.pl
Sat May 31 13:12:53 UTC 2003


On Fri, May 30, 2003 at 08:38:03PM +0200, Tijl Houtbeckers wrote:
> With edigest we made it possible to register without exposing your 
> password to the server. If MD5-Digest really is similar to what edigest 
> was going to be, it should be possible to do the same.

It is possible with DIGEST-MD5. And DIGEST-MD5 solves some other problems
not solved by edigest - e.g. server authentication in addition to client
authentication (the client can make sure that the server is the one which
"knows" the password and not just one that pretends it knows). And with
DIGEST-MD5 the hashed password stored on the server cannot be used to
authenticate to servers and services in other realms.

Greets,
        Jacek
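
The two properties named in the message above (server authentication and a realm-bound stored hash), worked through with the DIGEST-MD5 formulas of RFC 2831 for qop=auth without authzid. This is an added example, not code from the post or from any Jabber implementation; the function names are illustrative, and the sample user, realm, nonces and digest-uri are those of the IMAP example in RFC 2831.

```python
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def stored_secret(user: str, realm: str, password: str) -> bytes:
    # What the server keeps instead of the password: H(user:realm:password).
    # ASCII-only sample; RFC 2831's charset handling is not covered here.
    return md5(f"{user}:{realm}:{password}".encode())

def _digest(secret, nonce, cnonce, nc, uri, a2_prefix) -> str:
    a1 = secret + f":{nonce}:{cnonce}".encode()          # A1 uses the raw 16-byte hash
    a2 = f"{a2_prefix}:{uri}".encode()
    kd = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:auth:{md5(a2).hex()}"
    return md5(kd.encode()).hex()

def client_response(secret, nonce, cnonce, nc, uri) -> str:
    # Sent by the client; proves it knows the secret for this realm.
    return _digest(secret, nonce, cnonce, nc, uri, "AUTHENTICATE")

def server_rspauth(secret, nonce, cnonce, nc, uri) -> str:
    # Sent back by the server; same formula with an empty A2 prefix, so only
    # a server holding the secret can produce it for the client's cnonce.
    return _digest(secret, nonce, cnonce, nc, uri, "")

def demo() -> dict:
    user, pw, realm = "chris", "secret", "elwood.innosoft.com"
    ch = ("OA6MG9tEQGm2hh", "OA6MHXh6VqTrRk", "00000001", "imap/elwood.innosoft.com")
    secret = stored_secret(user, realm, pw)           # held by the real server
    other = stored_secret(user, "example.org", pw)    # same password, other realm (constructed)
    wrong = stored_secret(user, realm, "guess")       # a server that only pretends to know
    response = client_response(secret, *ch)
    rspauth = server_rspauth(secret, *ch)
    same = hmac.compare_digest                        # constant-time comparison
    return {
        "response": response,
        "rspauth": rspauth,
        "server_accepts_client": same(response, client_response(secret, *ch)),
        "client_accepts_server": same(rspauth, server_rspauth(secret, *ch)),
        "impostor_passes": same(rspauth, server_rspauth(wrong, *ch)),
        "hash_reusable_in_other_realm": same(response, client_response(other, *ch)),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```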


