[nflug] SMTP Auth
Mark Musone
mmusone at shatterit.com
Fri Dec 21 17:36:38 EST 2007
This is not MD5 (at least not AUTH PLAIN). It's base-64. (it can't be MD5,
if it was, the server could not know the username to begin with). MD5 cannot
be decrypted.
Take a look at the following url for examples of SMTP AUTH sessions:
http://www.technoids.org/saslmech.html
As an added test go to: http://www.hcidata.co.uk/base64.htm
And plug in that AUTH PLAIN data from that example, and convert it from
base64 to ascii...see what surprise it has!
Mark
-----Original Message-----
From: nflug-bounces at nflug.org [mailto:nflug-bounces at nflug.org] On Behalf Of
Robert Wolfe
Sent: Friday, December 21, 2007 5:26 PM
To: nflug at nflug.org
Subject: Re: [nflug] SMTP Auth
Mark Musone wrote:
> It's in the AUTH command in the SMTP session. For example:
>
> S: 250-smtp.example.com Hello client.example.com
> S: 250 AUTH GSSAPI DIGEST-MD5 PLAIN
> C: AUTH PLAIN dGVzdAB0ZXN0ADEyMzQ=
> S: 235 2.7.0 Authentication successful
>
> In this example, it's using the AUTH PLAIN mechanism (there's many that
can
> be used and negotiated, for example LOGIN, GSSAPI, MD5, KERBEROS..etc..
> For AUTH PLAIN, it's a base-64 encoding of the username and password..
>
> Mark
>
Unfortunately, I believe this is in MD5 encryption. Is there any way to
_decrypt_ the contents of the AUTH PLAIN statement by any chance?
--
Robert Wolfe
Systems Administrator
LocalNet Corp.
CoreComm Internet Services
(517) 664-8924
_______________________________________________
nflug mailing list
nflug at nflug.org
http://www.nflug.org/mailman/listinfo/nflug
More information about the nflug
mailing list