In cryptography, CRAM-MD5 is a challenge–response authentication mechanism (CRAM) based on the HMAC-MD5 algorithm. As one of the mechanisms supported by the Simple Authentication and Security Layer (SASL), it is often used in email software as part of SMTP Authentication and for the authentication of POP and IMAP users, as well as in applications implementing LDAP, XMPP, BEEP, and other protocols. When such software requires authentication over unencrypted connections, CRAM-MD5 is preferred over mechanisms that transmit passwords "in the clear," such as and . However, it can't prevent derivation of a password through a brute-force attack, so it is less effective than alternative mechanisms that avoid passwords or that use connections encrypted with Transport Layer Security (TLS).

Protocol

The CRAM-MD5 protocol involves a single challenge and response cycle, and is initiated by the server:

Strengths

The one-way hash and the fresh random challenge provide three types of security:

Weaknesses

Standards

CRAM-MD5 is defined by the IETF standards-track document RFC 2195, which supersedes RFC 2095, from earlier in 1997. These de facto standards define CRAM-MD5 as an authentication method for the email mailbox-management protocols POP and IMAP. CRAM-MD5 is one of the authentication methods supported by Simple Authentication and Security Layer (SASL), defined in 2006 by RFC 4422, which supersedes the 1997 standard RFC 2222. The Internet Assigned Numbers Authority (IANA) maintains a registry of SASL mechanisms, including CRAM-MD5, for limited use. CRAM-MD5 is required for On-Demand Mail Relay (ODMR), defined in RFC 2645.

Obsolete

It was recommended to deprecate the standard in 20 November 2008. As an alternative it recommends e.g. SCRAM or SASL Plain protected by TLS instead.