Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
CRAM-MD5
open-in-new
<p>In <a href="/facts/Cryptography/e94PEVau">cryptography</a>, CRAM-MD5 is a <a href="/facts/Challenge%25E2%2580%2593response_authentication/QTMRmhpM">challenge–response authentication</a> mechanism (CRAM) based on the <a href="/facts/HMAC-MD5/Qy9WD4V9">HMAC-MD5</a> algorithm. As one of the mechanisms supported by the <a href="/facts/Simple_Authentication_and_Security_Layer/4z9w1bx6">Simple Authentication and Security Layer</a> (SASL), it is often used in email software as part of <a href="/facts/SMTP_Authentication/YcQqoSqf">SMTP Authentication</a> and for the authentication of <a href="/facts/Post_Office_Protocol/QCp6qJQm">POP</a> and <a href="/facts/Internet_Message_Access_Protocol/QMnyvUwk">IMAP</a> users, as well as in applications implementing <a href="/facts/LDAP/KgpfD8nR">LDAP</a>, <a href="/facts/XMPP/hgulEuRA">XMPP</a>, <a href="/facts/BEEP/X8XfqCGt">BEEP</a>, and other protocols. </p><p>When such software requires authentication over unencrypted connections, CRAM-MD5 is preferred over mechanisms that transmit passwords "in the clear," such as <i>LOGIN</i> and <i>PLAIN</i>. However, it can't prevent derivation of a password through a <a href="/facts/Brute-force_attack/TXl8pkfb">brute-force attack</a>, so it is less effective than alternative mechanisms that avoid passwords or that use connections encrypted with <a href="/facts/Transport_Layer_Security/pGy16TnA">Transport Layer Security</a> (TLS). </p>