Read and respond to this message at: 
https://sourceforge.net/forum/message.php?msg_id=4211080
By: deryni9

If the token you need to present to the server is the hash (which you have 
stored
in the accounts.xml file) then that hash *is* your password, in the same way
the current 'normal' password is your password. It is the literal string that
a person would need to steal in order to log in as you.

Think about this, what if right now whenever you needed to create a new 
password,
you ran a hash over it first and then used that, would your resulting 
accounts.xml
look any different than if gaim did the hashing of your 'normal' password and
then stored it?

And of course the hash changes all the time or it wouldn't secure anything.
Anyone listening on the network would get *exactly* what they need to log in
as you, which no matter which way you slice it *is* your password.

______________________________________________________________________
You are receiving this email because you elected to monitor this forum.
To stop monitoring this forum, login to SourceForge.net and visit: 
https://sourceforge.net/forum/unmonitor.php?forum_id=665

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Gaim-forums mailing list
Gaim-forums@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/gaim-forums

Reply via email to