On Friday 21 February 2003 11:19 pm, you wrote: > This changes the padding on each message containing the password, making > the attack rather more difficult, and has the advantage that you don't need > to convince the party running the server to update their software. > Depending on how much stuff you can send per message, you can vary it by > quite a bit. In the POP case the "PASS xxx" would be a single message so > you don't have quite that much leeway, but it looks like you can add enough > whitespace to make the padding random. Someone else on the list posted a > followup to say he'd tried it on two servers and they had no trouble with > the whitespace.
Seems to me that APOP would accomplish much the same thing without the need for random padding, no? Or is APOP not widely implemented? --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
