On Fri, Aug 17, 2001 at 05:11:21PM -0700, John Sands wrote:
> The FTP Server has been changed to use MD5 encryption

I don't understand how this is relevant.  Even if the FTP server supports
hashing passwords using MD5 you should still need to send the password in
plaintext over the network.  The only differences are the ability to specify
longer passwords, and how the password is hashed in the FTP server's
password file.


> I also connect using the FTP Voyager client and I had to check the MD5
> option to get it to work.

This doesn't make much sense.  If your FTP server really requires the
password be sent over the network as an MD5 hash then your password is
actually the MD5 hash; that is the authentication token being used, and
sniffing that and replaying it will give someone access to the FTP server.

In other words, this MD5 hashing of passwords by your FTP server sounds
fishy.  What FTP server are you using?  Are you certain it requires
passwords sent over the network as an MD5 hash, or is it just how it stores
the passwords in its password file (or database)?


Michael
--
Administrator                      www.shoebox.net
Programmer, System Administrator   www.gallanttech.com
--
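
Added example, not part of the original message: a minimal Python sketch of the replay point made in the reply above. A server that accepts MD5(password) on the wire treats the hash itself as the credential, while a per-login nonce makes a captured response useless. The account, the function names and the HMAC-based challenge scheme are assumptions chosen for illustration, not the behaviour of any particular FTP server or client.

```python
import hashlib
import hmac
import os

# Constructed sample account; not taken from the thread.
PASSWORD = b"correct horse"
STORED_MD5 = hashlib.md5(PASSWORD).hexdigest()  # what the server keeps on file


def static_hash_login(wire_value: str) -> bool:
    """Hypothetical server that expects MD5(password) on the wire."""
    return hmac.compare_digest(wire_value, STORED_MD5)


class ChallengeServer:
    """Hypothetical server that issues a fresh nonce for every login attempt."""

    def __init__(self):
        self.nonce = None

    def challenge(self) -> bytes:
        self.nonce = os.urandom(16)
        return self.nonce

    def login(self, response: str) -> bool:
        if self.nonce is None:
            return False
        expected = hmac.new(STORED_MD5.encode(), self.nonce, hashlib.sha256).hexdigest()
        self.nonce = None  # a nonce is accepted once only
        return hmac.compare_digest(response, expected)


def client_response(password: bytes, nonce: bytes) -> str:
    """Client side: derive the same key from the password and answer the nonce."""
    key = hashlib.md5(password).hexdigest().encode()
    return hmac.new(key, nonce, hashlib.sha256).hexdigest()


def replay_results():
    # Static scheme: the value observed during one login is accepted again,
    # with no knowledge of the password behind it.
    captured = hashlib.md5(PASSWORD).hexdigest()
    static_replay = static_hash_login(captured)

    # Challenge scheme: the captured response is bound to a nonce that is gone.
    srv = ChallengeServer()
    captured_resp = client_response(PASSWORD, srv.challenge())
    first_login = srv.login(captured_resp)
    srv.challenge()                      # a later session gets a new nonce
    nonce_replay = srv.login(captured_resp)
    return static_replay, first_login, nonce_replay
```

In the challenge variant the stored MD5 value is still the shared secret on the server side, so the password file needs the same protection as the passwords themselves.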
