Tony Finch wrote:
> CRAM-MD5 is susceptible to a passive offline dictionary
> attack, i.e. you can listen to a CRAM-MD5 exchange and get
> enough data to verify a correctly guessed password without
> actively asking the server.
> http://www.iab.org/documents/drafts/draft-iab-auth-mech-03.txt

Thanks, I didn't know that expired draft, now added to my
"collection". Was that the reason why Sam was so mad about
draft-hutzler-spamops ?

I also didn't know the term "offline dictionary attack", but
it's straightforward, if you can limit your guesses somehow
- the list of guesses is the dictionary - then you can check
it against an observed successful CRAM-MD5 or similar login.
The IF is important, my shortest password is [none of your
business, but short <beg>] and no "word" in any dictionary.
Let's say I feel rather safe on this vector. The weakest
point in my defense is that I use the same passwords at
different places.
http://www3.ietf.org/proceedings/05mar/IDs/draft-ietf-sasl-crammd5-04.txt
That's the I18N (SASLprep) variant of RfC 2195. See also:
http://mid.gmane.org/ldv4qa4rbba(_dot_)fsf(_at_)cathode-dark-space(_dot_)mit(_dot_)edu
Thanks and bye, Frank
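
The exchange discussed in this message, as an added example that is not part of the original mail: it builds the RFC 2195 client response and shows that the challenge and response seen on the wire are enough to confirm or reject a guessed password without contacting the server. The user, secret and challenge are the example values from RFC 2195 section 2; the function names and the two guess lists are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Example values from RFC 2195 section 2 (user "tim", secret "tanstaaftanstaaf").
CHALLENGE = base64.b64encode(b"<1896.697170952@postoffice.reston.mci.net>").decode()


def digest_hex(password: str, challenge_b64: str) -> str:
    """HMAC-MD5 keyed with the password over the decoded server challenge."""
    challenge = base64.b64decode(challenge_b64)
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()


def client_response(user: str, password: str, challenge_b64: str) -> str:
    """Client reply on the wire: base64 of 'user <hex digest>'."""
    line = f"{user} {digest_hex(password, challenge_b64)}"
    return base64.b64encode(line.encode()).decode()


def guess_matches(challenge_b64: str, response_b64: str, guess: str) -> bool:
    """True if 'guess' reproduces the digest seen in the observed response.
    Uses only the two messages on the wire; the server is never contacted."""
    _user, _, seen = base64.b64decode(response_b64).decode().rpartition(" ")
    return hmac.compare_digest(digest_hex(guess, challenge_b64), seen)


def confirmed(challenge_b64: str, response_b64: str, candidates: list[str]) -> list[str]:
    """Candidates from a bounded guess list that the transcript confirms."""
    return [c for c in candidates if guess_matches(challenge_b64, response_b64, c)]


RESPONSE = client_response("tim", "tanstaaftanstaaf", CHALLENGE)

if __name__ == "__main__":
    print("S: +", CHALLENGE)
    print("C:", RESPONSE)
    # Constructed guess lists: one contains the secret, one does not.
    print(confirmed(CHALLENGE, RESPONSE, ["password", "letmein", "tanstaaftanstaaf"]))
    print(confirmed(CHALLENGE, RESPONSE, ["password", "letmein"]))
```

The second list confirms nothing, which is the "IF" above: the transcript only helps an observer whose guess list contains the password.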