> > If someone really wants passwords to be secure, they need to use a secure
> > method of account registration, authentication, and renewal in the case of 0k.
>
> Yes, this seems to be the weak spot of 0k in general, the user-initiated
> password setting and changing...

I've never been too hot on the 0k stuff, but surely setting new passwords
could be sequenced as requested in the initial jabber:iq:auth query when sent,
therefore going in a hashed way rather than as plain-text, keeping the
plain-text off the wire?
--
Oliver Wing
_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mailman.jabber.org/listinfo/jdev
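
Added example, not part of the original thread or of any Jabber server's code: a simplified model of hash-chain ("0k") authentication in which registration and renewal send only the end of a fresh chain, so the plain-text password never crosses the wire. The chain construction, the Server class and every name and sample value below are assumptions made for illustration.

```python
import hashlib
import hmac

def sha1hex(s: str) -> str:
    return hashlib.sha1(s.encode("utf-8")).hexdigest()

def chain(password: str, token: str, n: int) -> str:
    """Salt the password hash with the token, then hash n more times."""
    h = sha1hex(sha1hex(password) + token)
    for _ in range(n):
        h = sha1hex(h)
    return h

class Server:
    """Holds only chain ends; it never sees or stores the password."""
    def __init__(self):
        self.accounts = {}

    def set_credentials(self, user, chain_end, token, sequence):
        # Registration and renewal: the client sends the end of a fresh chain.
        # Assumed to arrive inside an already authenticated session.
        self.accounts[user] = {"hash": chain_end, "token": token, "seq": sequence}

    def challenge(self, user):
        acct = self.accounts[user]
        return acct["token"], acct["seq"] - 1

    def authenticate(self, user, presented):
        acct = self.accounts[user]
        if acct["seq"] <= 0:            # chain used up: renewal required
            return False
        if not hmac.compare_digest(sha1hex(presented), acct["hash"]):
            return False
        acct["hash"], acct["seq"] = presented, acct["seq"] - 1
        return True

def demo():
    srv = Server()
    srv.set_credentials("alice", chain("old-pw", "tokA", 2), "tokA", 2)
    results = []
    for _ in range(3):                  # third attempt finds the chain exhausted
        token, n = srv.challenge("alice")
        results.append(srv.authenticate("alice", chain("old-pw", token, max(n, 0))))
    # Renewal: new password, new token, new chain; only the chain end is sent.
    srv.set_credentials("alice", chain("new-pw", "tokB", 5), "tokB", 5)
    token, n = srv.challenge("alice")
    results.append(srv.authenticate("alice", chain("new-pw", token, n)))
    return results

if __name__ == "__main__":
    print(demo())
```

A captured login value cannot be replayed, because the server has already moved one step down the chain, but the renewal message is only as trustworthy as the session that carries it.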