Rocco Rutte wrote on 15 Mar 2007 11:33:49 +0100: > Well, this is a difficult issue. First, using hash algorithms always > leaves us with the risk of collisions if it's only a theoretical one.
Sure, but a single collision is not a security threat... the problem arises when you can construct collisions cheaply. In fact, if there is no weakness in the hash function, it will be easier to guess the password that to find a collision... > Second, you have the same problem if someone can construct a collision > with fully RfC-compliant message-ids. Yes, definitely. I think the use of APOP should be strongly discouraged now. > Third, you have many other problems once someone owns your pop > server. :) Well, the attacker does not need to own your server, a man in the middle is enough. You will have quite a few problems if there is a man in the middle, but risking your APOP password should not be of them... your mails are not safe, but your password should be. > APOP IMHO should never be considered a secure way of authentication, > it's just more secure than sending plain passwords over the wire. But > yes, since the RfC says the "timestamp" must be syntacially valid > message-id and mutt doesn't check it, there's some room of improvement. > > On the other hand, it may not be very nice to abort authentication in > case the server config is so broken that it generates invalid > message-ids... This is not a problem; if the server does not support APOP it does not send a msg-id and I believe mutt already does something useful in this case, like switching to another authentication method... the invalid msg-ids could be handled just the same. -- Gaëtan LEURENT
