Dnia 04-11-2007, N o godzinie 05:11 -0500, Josh pisze: > Is there a way to store c2s passwords in the database as MD5 hashes? > More > to the point, is it easy to use an existing database full of usernames > and > MD5-hashed passwords?
This is a well known case of "hashed storage + plain wire" vs. "plain storage + hashed wire". In order to have hashed passwords on the wire, you need plain text passwords in the auth storage. If you have hashed passwords in the auth storage, you need to transfer them plaintext over the wire. We want to be able to do secure logins (DIGEST-MD5) over unencrypted connection, thus we need to store passwords plaintext. -- /\_./o__ Tomasz Sterna (/^/(_^^' Xiaoka.com ._.(_.)_ XMPP: [EMAIL PROTECTED] _______________________________________________ Jabberd2 mailing list [email protected] http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com
