This module is no longer recommended for use on any Drupal site! Please consider either using SSL, or OpenID for a more secure login mechanism. If you are dead set on using CRAM, please read the following very carefully:
CRAM is a Drupal module that implements the Challenge-Response Authentication Mechanism as a replacement for the default login process. This allows for users to log into a non-SSL site somewhat securely. An algorithm called CRAM-MD5 (http://en.wikipedia.org/wiki/CRAM-MD5) is used to ensure that the user's password is never sent over the wire.
HOWEVER, this does NOT mean that your login session is secure. It is still very possible for someone to steal your session ID, giving them complete access to your account. There are various other attacks that can be employed against CRAM as well. Please be absolutely sure you understand this before installing.
Code can be checked out from the CVS repository.
- Maintenance status: Unknown
- Development status: Obsolete
- Downloads: 360
- Last modified: February 1, 2010