[pskmail] Re: Server 1.4.0a email access issue

  • From: "Rein Couperus" <rein@xxxxxxxxxxxx>
  • To: pskmail@xxxxxxxxxxxxx
  • Date: Wed, 24 Aug 2011 16:28:31 +0200 (CEST)

No need to change it, the cookie is different every session...

see  http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

Rein

================================================

Hi Rein,
 
Pretty good. So does it mean that the session password (not the email one) 
should be changed regularly, maybe even every session? Or is it safe since it 
is encoded?
 
Regards,
 
John

On Thu, Aug 25, 2011 at 12:04 AM, Rein Couperus <rein@xxxxxxxxxxxx> wrote:
Have you entered a link password via the prefs dialogue?

It works like this:
* You set a link password on the client (Prefs dialogue)
* You send it to the server with :SETPASSWORD
* The server says 'Your link password has changed'.

If you connect the next time, the server will send a challenge as part of the 
'version' message.
When the client receives the challenge from the server, it also generates a 
challenge.
The client generates a cookie on the basis of the link password and both 
challenges.
The client sends its challenge and the cookie to the server.
The server checks if the cookie is valid and says 'OK...'.

If the client uses a different password authorization fails...

That way somebody using your call cannot get your mail.

Rein PA0R
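
The handshake described in the message above, as an added example that is not part of the original thread or of the pskmail code. The thread does not say how the cookie is computed, so the HMAC-SHA256 construction, the 16-byte challenges and all names here are assumptions.

```python
import hashlib
import hmac
import secrets


def make_cookie(link_password: str, server_challenge: bytes, client_challenge: bytes) -> str:
    """Assumed construction: HMAC-SHA256 keyed with the link password over both challenges."""
    # Length-prefix each challenge so (a, bc) and (ab, c) cannot produce the same input.
    msg = b"".join(len(c).to_bytes(2, "big") + c for c in (server_challenge, client_challenge))
    return hmac.new(link_password.encode(), msg, hashlib.sha256).hexdigest()


class Server:
    def __init__(self, link_password: str):
        self.link_password = link_password   # stored earlier via :SETPASSWORD
        self.pending = None                  # challenge issued for the current connect

    def version_message(self) -> bytes:
        """A fresh random challenge goes out with each 'version' message."""
        self.pending = secrets.token_bytes(16)
        return self.pending

    def check(self, client_challenge: bytes, cookie: str) -> bool:
        if self.pending is None:
            return False
        server_challenge, self.pending = self.pending, None   # one use per connect
        expected = make_cookie(self.link_password, server_challenge, client_challenge)
        return hmac.compare_digest(expected, cookie)           # constant-time compare


def client_reply(link_password: str, server_challenge: bytes):
    """Client side: generate its own challenge, derive the cookie, send both."""
    client_challenge = secrets.token_bytes(16)
    return client_challenge, make_cookie(link_password, server_challenge, client_challenge)


def demo() -> dict:
    server = Server("constructed-link-password")   # constructed sample value
    c1, cookie1 = client_reply("constructed-link-password", server.version_message())
    ok = server.check(c1, cookie1)
    # Next session: the recorded (challenge, cookie) pair meets a new server challenge.
    server.version_message()
    replay = server.check(c1, cookie1)
    # A client holding a different link password.
    c2, cookie2 = client_reply("wrong-password", server.version_message())
    wrong = server.check(c2, cookie2)
    c3, cookie3 = client_reply("constructed-link-password", server.version_message())
    return {"ok": ok, "replay": replay, "wrong": wrong, "cookie_differs": cookie1 != cookie3}
```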
 
