Re: [NTLK] [ANN] APOP 1.0

From: Steve Weyer (weyer_at_kagi.com)
Date: Mon Apr 15 2002 - 17:20:46 EDT


> Date: Mon, 15 Apr 2002 09:31:08 +0200
> From: Paul Guyot <pguyot_at_kallisys.net>
>
> From: Steve Weyer <weyer_at_kagi.com>
>
>> I assume this isn't SSL functionality for https:
>
> Indeed.
>
>> or would this just be used for password challenges?
>
> MD5 is classically used in various cryptography protocols (such as
> SSH handshake).
>
>> the usual one uses a simple base64 encoding, and there have not situations
>> (AFAIK) needing more sophisticated challenge responses.
>
> Well, there are two HTTP authentication methods, Basic and Digest.
> Digest uses MD5. However, most browsers don't support Digest
> authentication. Apache does.

Newt's Cape just supports "Basic" for the usual server challenges, which is
just a base64 encoding -- not clear text but trivial to decode. I suppose if
Digest authentication becomes more prevalent, or there's support for SSL...
I'll take another look

> Ref: http://www.faqs.org/rfcs/rfc2617.html

-- 
Steve
  weyer_at_kagi.com
Newton apps/tools: Newt's Cape, newtVNC, NewtDevEnv, Sloup, Crypto,...
  http://www.kagi.com/weyer/

-- Read the List FAQ/Etiquette: http://www.newtontalk.net/faq.html Read the Newton FAQ: http://www.guns-media.com/mirrors/newton/faq/ This is the NewtonTalk mailing list - http://www.newtontalk.net



This archive was generated by hypermail 2.1.2 : Sun May 05 2002 - 14:03:51 EDT