CRAM-MD5 SMTP authentication
CRAM-MD5 stands for challenge-response authentication mechanism (CRAM). In CRAM-MD5 authentication, the server first sends a challenge string to the client. The client responds with a username followed by a checksum. The checksum contains the user's password as the secret key, and the server's original challenge as the message. The server also calculates its own checksum with its notion of the user's password, and if the client's checksum and the server's checksum match then authentication was successful.