Hello mark!   
      
   13 Jun 2012 15:03, mark lewis wrote to Benny Pedersen:   
      
    ml> the OP is talking about the password submitted during the nntp    
    ml> authentication process...   
      
   surre, i just showed how to not send plain passwords without any changes   
   needed in jamnntpd   
      
    ml> not the one that is sent to the admin from    
    ml> the user for signup...   
      
   ?   
      
    ml> what you describe would simple be using the md5 of the password as the    
    ml> password... not the same thing... something has to encode and decode    
    ml> the md5... that something would be the user's nntp client and the nntp    
    ml> server...   
      
   this is just how openssl works where user provide plain passwords in tls   
   session, by tls its not possible to see the md5 password or plain password :=)   
      
   what will happend if man in the middle knows the md5 password and send it as   
   raw ?, he will get access if jamnntpd did not use openssl   
      
   hope patchers is awake :)   
      
      
    Regards Benny   
      
   ... there can only be one way of life, and it works :)   
      
   --- Msged/LNX 6.2.0 (Linux/3.1.10-gentoo-r1 (i686))   
    * Origin: home.junc.org where qico is waiting (2:230/0)