Hello, I am wondering which variant is more secure for user authentication and password scheme. Basically I am looking at both variants:

1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism
2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism

In my opinion the option 2) should be safer although it is using PLAIN auth mechanism. Of course I would always use STARTTLS and not allow unencrypted connection. What is your opinion?

Best,
ML