Internet technologies and communication software



Authentication

The secure (CRAM-MD5) authentication mechanism avoids passing a cleartext password over a network, ensuring that it cannot be captured and used by anyone else. CRAM stands for Challenge-Response Authentication Mechanism.

Instead of sending the password as cleartext, The Bat! e-mail client may send a non-reversible digest of the password and a unique random string (the Challenge String) received from the server. The digest is produced by the MD5 cryptographic hash function, as defined in the HMAC (Keyed-Hashing) standard (RFC-2104). Even if the digest being sent is exposed during SMTP authentication, there is no risk involved, because each digest answers a single unique challenge; this holds even for e-mail clients that connect frequently to SMTP servers to send new mail. Please note that this authentication mechanism may not be supported by all SMTP servers.
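The exchange described above, as an added example in Python (not code from The Bat! or its vendor). It uses the sample user, password and challenge from RFC 2195, the successor to RFC 2095; the function names, the in-memory password table and the host name mail.example.test are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

def make_challenge(host="mail.example.test"):
    """Server: issue a unique random challenge string, base64-encoded for the wire."""
    challenge = f"<{secrets.randbits(64)}.{secrets.randbits(32)}@{host}>"
    return base64.b64encode(challenge.encode()).decode()

def client_response(user, password, challenge_b64):
    """Client: HMAC-MD5 keyed with the password over the decoded challenge."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    # The wire format is base64("<user> <hex digest>"); the password never leaves the client.
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def server_verify(stored_passwords, challenge_b64, response_b64):
    """Server: recompute the digest for the challenge it issued and compare."""
    try:
        user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    except (ValueError, UnicodeDecodeError):
        return False  # malformed response
    password = stored_passwords.get(user)
    if password is None:
        return False
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(expected.encode(), digest.lower().encode())

# Sample values from the RFC 2195 example exchange.
RFC_CHALLENGE = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"
RFC_USERS = {"tim": "tanstaaftanstaaf"}  # constructed in-memory table (assumption)

if __name__ == "__main__":
    captured = client_response("tim", "tanstaaftanstaaf", RFC_CHALLENGE)
    print("response on the wire:", captured)
    print("same challenge      :", server_verify(RFC_USERS, RFC_CHALLENGE, captured))
    # A captured response presented against a fresh challenge is rejected.
    print("fresh challenge     :", server_verify(RFC_USERS, make_challenge(), captured))
```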

When you choose the option "Store password on iKey" in The Bat!, a hardware implementation of the CRAM-HMAC Challenge/Response (RFC-2095) authentication is activated. A special non-replicable hardware token, iKey by Rainbow Technologies, stores the password and computes the keyed hash. The token is small and lightweight, making it easy to carry on a key chain or in a daily planner. When this authentication mechanism is chosen, the password is never exposed at the client end. Once stored, the password cannot be extracted from the token, and it is never transferred to the computer where the e-mail client is running. This way, no software (including spies, Trojan horses and viruses) can intercept or otherwise retrieve the password.

A mail server administrator may give the user an iKey token with the required password already stored on it, so the user does not know, and does not need to know, the actual password. Because iKey tokens cannot be replicated, only the physical owner of the token will have access to the SMTP server, provided that he or she knows the iKey PIN. All SMTP servers that support MD5 and CRAM-HMAC Challenge/Response authentication also support iKey hardware authentication.

The list of email server software that support CRAM-MD5 compatible with The Bat! is:

Confinet Ltd. offers a commercial secure mail hosting service, MuteMail, featuring CRAM-MD5.