On 07/13/2017 10:46 PM, Chapman Flack wrote:
> Neither is suitable on an unencrypted channel (as has been repeatedly
Please forgive my thinko about md5. I had overlooked the second
salted md5 used in the protocol, and that had to be some years ago
when I was sure I had looked for one in the code. But it's been there
since 2001, so I simply overlooked it somehow. Not sure how. I've had
an unnecessarily jaundiced view of "md5" auth for years as a result.
I feel much better now. Sorry for the noise.
-Chap