Read and respond to this message at:
By: deryni9

If the token you need to present to the server is the hash (which you have 
in the accounts.xml file) then that hash *is* your password, in the same way
the current 'normal' password is your password. It is the literal string that
a person would need to steal in order to log in as you.

Think about this, what if right now whenever you needed to create a new 
you ran a hash over it first and then used that, would your resulting 
look any different than if gaim did the hashing of your 'normal' password and
then stored it?

And of course the hash changes all the time or it wouldn't secure anything.
Anyone listening on the network would get *exactly* what they need to log in
as you, which no matter which way you slice it *is* your password.

You are receiving this email because you elected to monitor this forum.
To stop monitoring this forum, login to and visit:

Take Surveys. Earn Cash. Influence the Future of IT
Join's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
Gaim-forums mailing list

Reply via email to