On Wed, 27 Oct 2004 18:14, Justin Karneges wrote: > On Wednesday 27 October 2004 12:56 am, Alexey Nezhdanov wrote: > > В сообщении от Среда 27 Октябрь 2004 11:48 Alex Kogan написал(a): > > > However, I was not able to get the idea of how these security issues > > > work in practice. Can you help me giving a practical advice on > > > implementing client-server communication which is somehow encrypted > > > and still be possible to read for server/client and > > > sniffing-protected at the same time? I also had a look into > > > class.jabber.php and its SendAuth() method, but again, I failed to > > > get the idea of md5() encoding. Is the whole conversation encoded > > > further? > > > > Old auth uses md5 method for authentication. The password is not > > decodeable - the provided info is just enough only for auth. > > Was there an older authentication method that used MD5? I'm only aware of > the old iq:auth, which uses SHA1. The modern auth is SASL-based.
The DIGEST-MD5 mechanism of SASL is compulsory, AFAIK. So there is a _modern_
authentication method that uses MD5. :-)
TX
--
Email: Trejkaz Xaoza <[EMAIL PROTECTED]>
Web site: http://xaoza.net/
Jabber ID: [EMAIL PROTECTED]
GPG Fingerprint: 9EEB 97D7 8F7B 7977 F39F A62C B8C7 BC8B 037E EA73
pgpKkFce7zIMt.pgp
Description: PGP signature
_______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mail.jabber.org/mailman/listinfo/jdev
