Security Dictionary
Can't tell 'smtp' from 'snmp'? Find the precise meaning of these and hundreds of other security-related terms in our convenient and up-to-date Security Dictionary.
POP3 APOP
(I) A POP3 "command" (better described as a transaction type, or a
protocol-within-a-protocol) by which a POP3 client optionally uses
a keyed hash (based on MD5) to authenticate itself to a POP3
server and, depending on the server implementation, to protect
against replay attacks. (See: CRAM, POP3 AUTH, IMAP4
AUTHENTICATE.)
(C) The server includes a unique timestamp in its greeting to the
client. The subsequent APOP command sent by the client to the
server contains the client's name and the hash result of applying
MD5 to a string formed from both the timestamp and a shared secret
that is known only to the client and the server. APOP was designed
to provide an alternative to using POP3's USER and PASS (i.e.,
password) command pair, in which the client sends a cleartext
password to the server.
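
Added example (not part of the dictionary entry and not taken from any POP3 server): a server-side sketch of the exchange described above, showing the digest computation and the optional replay protection as a timestamp that is accepted only once. The class name ApopServer, the host pop.example.test, and the user and secret in the test data are constructed for illustration; a real server would bind the timestamp to the connection rather than receive it as an argument.

```python
import hashlib
import hmac
import os
import time


def apop_digest(timestamp: str, secret: str) -> str:
    """Hex MD5 of the greeting timestamp (angle brackets included) + shared secret."""
    return hashlib.md5((timestamp + secret).encode("utf-8")).hexdigest()


class ApopServer:
    """Hypothetical server state: issues one unique timestamp per greeting."""

    def __init__(self, secrets: dict, hostname: str = "pop.example.test"):
        self.secrets = secrets      # name -> shared secret (constructed data)
        self.hostname = hostname
        self.outstanding = set()    # timestamps issued but not yet consumed
        self.counter = 0

    def greeting(self) -> str:
        # Uniqueness comes from pid + per-process counter + clock.
        self.counter += 1
        ts = f"<{os.getpid()}.{self.counter}.{int(time.time())}@{self.hostname}>"
        self.outstanding.add(ts)
        return ts

    def verify(self, timestamp: str, name: str, digest: str) -> bool:
        # Replay protection: the timestamp must be one this server issued,
        # and it is consumed on first use whether or not the digest matches.
        if timestamp not in self.outstanding:
            return False
        self.outstanding.discard(timestamp)
        secret = self.secrets.get(name)
        if secret is None:
            return False
        expected = apop_digest(timestamp, secret)
        # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
        return hmac.compare_digest(expected.encode(), digest.lower().encode("utf-8"))


if __name__ == "__main__":
    server = ApopServer({"alice": "constructed-secret"})
    ts = server.greeting()
    response = apop_digest(ts, "constructed-secret")   # what the client sends
    print("first attempt:", server.verify(ts, "alice", response))
    print("replayed attempt:", server.verify(ts, "alice", response))
```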