6 Dec 2014, 3:35 a.m.
On 12/5/14, ML mail <mlnospam@yahoo.com> wrote:
> Hello,
> I am wondering which variant is more secure for user authentication and password scheme. Basically I am looking at both variants:
> - MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism
> - SHA512-CRYPT password scheme storage with PLAIN auth mechanism
> In my opinion the option 2) should be safer although it is using PLAIN auth mechanism. Of course I would always use STARTTLS and not allow unencrypted connection.

That's not exactly a true statement. If you offer STARTTLS you are optional on encryption; if you mean not allow unencrypted connections then you are forcing TLS, not STARTTLS, since the latter is designed to accept unencrypted and then _try_ to upgrade to encryption if possible; if not, stay unencrypted.

> What is your opinion?

Number 2, as the other poster said, without hesitation and for the reasons he said.
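
The storage trade-off behind the two variants, as an added example that is not part of the original thread: CRAM-MD5 (RFC 2195) makes the server recompute an HMAC keyed with the shared secret, so it cannot verify against a salted one-way hash, while PLAIN hands the server the password to re-hash. Assumptions: PBKDF2-HMAC-SHA512 stands in for SHA512-CRYPT, and all function names, credentials, the salt and the challenge are constructed for illustration.

```python
import hashlib
import hmac

def cram_md5_response(user: str, secret: bytes, challenge: bytes) -> str:
    """Client side of CRAM-MD5: user, a space, then hex HMAC-MD5(secret, challenge)."""
    return f"{user} {hmac.new(secret, challenge, hashlib.md5).hexdigest()}"

def server_check_cram_md5(stored_key: bytes, challenge: bytes, response: str) -> bool:
    """Server side: recompute the HMAC, which needs the same key the client used."""
    _user, _, digest = response.partition(" ")
    expected = hmac.new(stored_key, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def hash_password(password: bytes, salt: bytes) -> bytes:
    """Salted one-way hash; PBKDF2 is a stand-in here for SHA512-CRYPT (assumption)."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, 100_000)

def server_check_plain(stored_hash: bytes, salt: bytes, sasl_plain: bytes) -> bool:
    """SASL PLAIN message is authzid NUL authcid NUL password; re-hash and compare."""
    _authzid, _authcid, password = sasl_plain.split(b"\0", 2)
    return hmac.compare_digest(hash_password(password, salt), stored_hash)

def demo() -> dict:
    # Constructed sample values, not taken from the thread.
    user, password = "alice", b"correct horse"
    challenge = b"<1896.697170952@mail.example.org>"
    salt = b"constructed-salt"
    stored_hash = hash_password(password, salt)
    response = cram_md5_response(user, password, challenge)
    return {
        # CRAM-MD5 verifies only when the server holds the secret itself.
        "cram_with_secret": server_check_cram_md5(password, challenge, response),
        # A salted hash of the password is a different HMAC key, so this fails.
        "cram_with_hash": server_check_cram_md5(stored_hash, challenge, response),
        # PLAIN delivers the password, so a hash-only store is sufficient.
        "plain_with_hash": server_check_plain(
            stored_hash, salt, b"\0alice\0correct horse"),
        "plain_wrong_password": server_check_plain(
            stored_hash, salt, b"\0alice\0wrong"),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```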