On 5/25/06, Tony Finch <[EMAIL PROTECTED]> wrote:
> AFAIK most DIGEST-MD5 implementations keep bare passwords on the server, so a server compromise would expose them all.
It depends if it's an actual server compromise, or the attacker has only been able to subvert the client's connection.

-- 
- Norman Rasmussen
 - Email: [EMAIL PROTECTED]
 - Home page: http://norman.rasmussen.co.za/