At the moment there are several ways to authenticate to the ICQ server:
"Simple" login
The password is sent to the server practically in the open: it is encrypted, but with a known algorithm and a known key.
With the simple login the password can be intercepted and decrypted.
MD5 login
A cryptographic hash (MD5) of the password is sent to the server instead of the password itself.
With the MD5 login, interception of the password is completely impossible because the hash includes a string that changes every time. As a result, it is very hard to guess the password from one or several intercepted hashes.
There is also a third variant, in which a cryptographic hash of the changing string and the password hash is sent to the server.
R&Q supports all these variants and also lets you store the password or its hash in your account.
In total the user has 5 options:
— use the simple login and store the password in the account,
— use the simple login and enter the password at every login,
— use the MD5 login and store the password in the account,
— use the MD5 login and enter the password at every login,
— use the MD5 login and store the password hash in the account.
When the password or its hash is stored in the account, it can be stolen by a person or a trojan that copies the account.
However, in this case there is a chance to restore the password from the account if you forget it.
When you enter the password at login, it can be intercepted by a keylogger that has infected your PC. Besides, if you forget the password, it will be impossible to restore it.
Storing the hash instead of the password doesn't have many advantages, because anyone who knows the hash can already log in and then change the password.
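The following added example (not R&Q's code and not the exact ICQ wire format) models the MD5 login and the third variant to show why a stored password hash is as valuable as the password. The 16-byte random challenge, the concatenation order and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def new_challenge() -> bytes:
    """Server side: the string that changes on every login (assumed 16 random bytes)."""
    return os.urandom(16)


def response_md5_login(challenge: bytes, password: str) -> bytes:
    """MD5 login: hash over the per-login string and the password."""
    return md5(challenge + password.encode("utf-8"))


def response_third_variant(challenge: bytes, password_hash: bytes) -> bytes:
    """Third variant: hash over the per-login string and MD5(password).
    Only the password hash is needed, never the password itself."""
    return md5(challenge + password_hash)


def server_accepts(challenge: bytes, response: bytes, password: str) -> bool:
    """Server check for the third variant, compared in constant time."""
    expected = response_third_variant(challenge, md5(password.encode("utf-8")))
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = "correct horse"                    # constructed sample value
    stored_hash = md5(password.encode("utf-8"))   # what the account file would hold
    c1, c2 = new_challenge(), new_challenge()
    r1 = response_third_variant(c1, stored_hash)  # computed without the password
    r2 = response_third_variant(c2, stored_hash)
    return {
        "hash_alone_logs_in": server_accepts(c1, r1, password),
        "response_changes_each_login": r1 != r2,
        "old_response_rejected": not server_accepts(c2, r1, password),
    }


if __name__ == "__main__":
    print(demo())
```

The stored hash protects the plaintext password from being read out of the account file, but in this model it is sufficient on its own to answer any challenge.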
In general, the MD5 login is recommended. Whether to store the password in the account is up to you. In either case, remember that the password can be restored through the ICQ server.
