CRAMMD5
CRAM-MD5 is a challenge–response authentication mechanism that uses the HMAC-MD5 hash and is defined for use with SASL (Simple Authentication and Security Layer). It is designed to let a client prove knowledge of a password without sending the password over the network. It has been used with email protocols such as IMAP, POP3, and SMTP, typically within SASL-enabled sessions.
How CRAM-MD5 works: During authentication, the server issues a challenge string, usually base64-encoded. The client decodes
Security considerations: Because CRAM-MD5 does not encrypt the entire session, it only protects the password from
History and status: CRAM-MD5 was specified in RFC 2195 (1997). It saw broad use in older email
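The challenge and response exchange described under "How CRAM-MD5 works", as an added example that is not part of the original page: both sides of the mechanism in Python, checked against the sample exchange printed in RFC 2195. The function names, the `USERS` table and the `mail.example` host name are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import time

# Sample exchange from RFC 2195, section 2 (user "tim", secret "tanstaaftanstaaf").
RFC_CHALLENGE = b"PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"
RFC_RESPONSE = b"dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw"
# Constructed credential store. The server needs the shared secret itself
# to recompute the HMAC, so it cannot keep only a salted password hash.
USERS = {"tim": "tanstaaftanstaaf"}


def make_challenge(hostname: str) -> bytes:
    """Server side: a fresh, unpredictable challenge, base64-encoded."""
    nonce = int.from_bytes(os.urandom(8), "big")
    return base64.b64encode(f"<{nonce}.{int(time.time())}@{hostname}>".encode())


def _digest(password: str, b64_challenge: bytes) -> str:
    """HMAC-MD5 keyed with the password over the decoded challenge, as hex."""
    challenge = base64.b64decode(b64_challenge)
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()


def client_response(username: str, password: str, b64_challenge: bytes) -> bytes:
    """Client side: base64("<username> <hex digest>"); the password is never sent."""
    return base64.b64encode(f"{username} {_digest(password, b64_challenge)}".encode())


def server_verify(b64_challenge: bytes, b64_response: bytes, lookup_password):
    """Server side: return the authenticated username, or None on any failure."""
    try:
        decoded = base64.b64decode(b64_response, validate=True).decode()
    except ValueError:  # malformed base64 or non-UTF-8 payload
        return None
    username, _, claimed = decoded.rpartition(" ")
    password = lookup_password(username)
    if password is None:
        return None
    expected = _digest(password, b64_challenge)
    # Constant-time comparison of the two hex digests.
    ok = hmac.compare_digest(expected.encode(), claimed.encode())
    return username if ok else None
```

Because the digest covers the server's challenge, a response captured from one session does not verify against a newly issued challenge.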