[pskmail] Re: Server 1.4.0a email access issue

  • From: John Douyere <vk2eta@xxxxxxxxx>
  • To: pskmail@xxxxxxxxxxxxx
  • Date: Thu, 25 Aug 2011 00:09:18 +1000

Hi Rein,

Pretty good. So does it means that the session password (not the email one)
should be changed regularly, maybe even every session? Or is it safe since
it is encoded?



On Thu, Aug 25, 2011 at 12:04 AM, Rein Couperus <rein@xxxxxxxxxxxx> wrote:

> Have  you entered a link password via the prefs dialogue?
> It works like this:
> * You set a link password on the client (Prefs dialogue)
> * You send it to the server with :SETPASSWORD
> * The server says 'Your link password has changed'.
> If you connect the next time, the server will send a challenge as part of
> the 'version' message.
> When the client receives the challenge from the server, it also generates a
> challenge.
> The client generates a cookie on the basis of the link password and both
> challenges.
> The client sends its challenge and the cookie to the server.
> The server checks if the cookie is valid and says 'OK...'.
> If the client uses a different password authorization fails...
> That way somebody using your call cannot get your mail.
> Rein PA0R

Other related posts: