[ale] How LDAP works with authentication

Mike Harrison meuon at geeklabs.com
Wed Oct 12 21:24:23 EDT 2005


> The question here is what is safer.  Using SSL to transmit a plain-text
> password or using SSL to transmit a password that is MD5 encrypted.

I've seen LONG arguments on whether 'double encrypting' something
made it safer or not.. And you thought the Vi/Emacs religious wars
are bad.

My personal, non-cryptographically oriented mind says:

If you use SSL to transmit an MD5 encrypted string (password),
and the SSL fails or is intercepted, or magically reverts to
plain text mode because something broke.. it's still in its MD5
state and will require some additional effort to crack.





