nanogui@linuxhacker.org
> So you're saying that all the existing protocols which use hashed or
> encrypted authentication but not actual session encryption (kerberos,
> etc.) are no better than ones which use plaintext authentication?
Unless they use the hash to protect all the data - pretty much.
What does work with your challenge/response type scheme is to always send
MD5sum(data_block, secret) with each 'packet' or 'packet group'. For
performance you may want to bundle stuff and send a block of messages together
with one MD5 hash for the set.
I used to use this for a pile of code because it was authentication not
encryption and therefore had no (old) US export issues. I still use a variant
of it for giving web browsers tamperproof cookies.
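Added example, not part of the original message: a sketch of the "one hash for a block of messages" idea described above. It swaps in HMAC-SHA256 from the Python standard library for the bare MD5sum(data_block, secret) construction, and length-prefixes each message so the bundle cannot be re-split without changing the tag. The names SECRET, frame, seal and open_bundle are hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed shared secret for this example; a real one is random and
# provisioned out of band.
SECRET = b"constructed-shared-secret"
TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes


def frame(messages):
    """Length-prefix every message so the bundle has one unambiguous encoding."""
    return b"".join(struct.pack(">I", len(m)) + m for m in messages)


def seal(messages, secret=SECRET):
    """Return the framed bundle followed by one tag covering the whole set."""
    body = frame(messages)
    return body + hmac.new(secret, body, hashlib.sha256).digest()


def open_bundle(blob, secret=SECRET):
    """Verify the tag first, then split the bundle; return None on any failure."""
    if len(blob) < TAG_LEN:
        return None
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    messages, pos = [], 0
    while pos < len(body):
        if pos + 4 > len(body):
            return None  # truncated length field
        (n,) = struct.unpack_from(">I", body, pos)
        pos += 4
        if pos + n > len(body):
            return None  # length runs past the end of the bundle
        messages.append(body[pos:pos + n])
        pos += n
    return messages
```

The tag only shows that the bundle came from a holder of the secret and was not altered; it does not hide the contents, which matches the authentication-not-encryption use described in the message.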