Date: Thu, 20.09.12 16:10
20 Sep 2012 09:38:50, you wrote to Ivan Agarkov:
IA>> Features of the current (0.3.2) version:
IA>> - sending and receiving bundles using binkp/1.1-compatible protocol
AG> I.e. the other side might send OPT CRAM-SHA1/MD5-* ...
AG> Considering that this misunderstanding is very commonplace, maybe
AG> it'd be better to change FTS-1027 to state that if it supports
AG> multiple hash algos including MD5, it should send both, CRAM-MD5-*
AG> and CRAM-/MD5-*?! How do others think about that?
Most likely it really should, with the priority defined by position:
That will try GOST 34.11 in the first place (for really paranoid people), then
SHA1, and then fall back to MD5.
Alexey V. Vissarionov aka Gremlin from Kremlin
* Origin: http://openwall.com/Owl (2:5020/545)