[341] in WWW Security List Archive
Re: Experimental implementation of SimpleMD5
daemon@ATHENA.MIT.EDU (Mary Ellen Zurko)
Wed Jan 25 13:22:22 1995
From: zurko@osf.org (Mary Ellen Zurko)
To: www-security@ns2.rutgers.edu
Date: Wed, 25 Jan 95 8:49:19 EST
In-Reply-To: <9501242028.AA05297@dxmint.cern.ch>; from "hallam@axal04.cern.ch" at Jan 24, 95 9:28 pm
Reply-To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
In terms of comparing proposals, I'm afraid I understand the writeup
of SimpleMD5 way better than the Simple Digest scheme. For example,
the writeup of SimpleMD5 clearly states that usernames and passwords
are propagated as before (it doesn't say what before was, but I guess
that means ad hoc). I don't quite understand the pragmatics of Simple
Digest, because I think Phill wrote somewhere something about
passwords not being stored in cleartext. Could someone who understands
this dimension of both schemes (how passwords are made available to
user and server, and how stored), explain it clearly and completely?
Thanks.
Mez
