How does the md5 hashed authentication method work? Is it protected against
replay attacks? Here is what I have in mind:
* If the server stores salted hashed passwords, then I do not see how
the server could authenticate the users without getting the password in
clear text.
* If the server stores (unsalted) password hash values, then basically
there is almost no difference between a clear text password and an md5
hash, because anyone can replay the same hash value and log in
again.
Am I missing something?
Thanks,
Laszlo