CRAM-MD5

CRAM-MD5 (Challenge-Response Authentication Mechanism, Message Digest 5) is an authentication method that follows the challenge-response principle and is based on the HMAC-MD5 algorithm.

For example, it is often used to authenticate to SMTP or IMAP servers, because it avoids transmitting the password in plain text. With this method, secure authentication to a server can also be performed over unencrypted channels.

Method

In RFC 2195, the process is described in more detail:

Including the server's time stamp in the calculation of the password hash prevents attackers on insecure connections from directly reusing a user's authentication data. If only the user's password were hashed, an attacker would need only to capture this hash and could then authenticate to a server with it at will. Even knowing the time stamp that the server sent to the client does not help an attacker: the time stamp changes with every authentication process, and the attacker does not possess the password needed to compute the hash over the new time stamp and send it to the server. The only remaining option is to capture the server's time stamp and the digest the client generated from it, and then use cryptographic attacks (brute force, dictionary attack, rainbow table, etc.) to work back from hash and time stamp to the clear-text password. Since these are very complex processes, CRAM-MD5 can certainly be considered sufficiently secure.
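The exchange described above, as an added Python example that is not part of the original article: both sides of a CRAM-MD5 authentication, including the check that a captured response is rejected once the server issues a new challenge. The user name, password and first challenge are the sample values from RFC 2195; the host name `mail.example.org`, the function names and the `USERS` table are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os
import time

def make_challenge(hostname="mail.example.org"):
    """Server: fresh challenge made of a random number, a time stamp and the host name."""
    rand = int.from_bytes(os.urandom(4), "big")
    return f"<{rand}.{time.time_ns()}@{hostname}>".encode()

def client_response(username, password, challenge):
    """Client: base64("username" SP hex(HMAC-MD5(key=password, msg=challenge)))."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode())

def server_verify(response_b64, challenge, lookup_password):
    """Server: recompute the digest from the shared secret and compare in constant time."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return False
    username, _, digest = decoded.rpartition(" ")
    password = lookup_password(username)
    if password is None:
        return False
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.lower().encode())

# Sample values from RFC 2195. On the wire the server sends the challenge
# base64-encoded; the functions here work on the decoded bytes.
RFC_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
USERS = {"tim": "tanstaaftanstaaf"}  # constructed stand-in for the server's secret store

def demo():
    captured = client_response("tim", USERS["tim"], RFC_CHALLENGE)
    accepted = server_verify(captured, RFC_CHALLENGE, USERS.get)
    # The same response presented against a new challenge no longer matches.
    replay_accepted = server_verify(captured, make_challenge(), USERS.get)
    return captured, accepted, replay_accepted

if __name__ == "__main__":
    print(demo())
```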
