On 5/25/06, Ulrich Staudinger <[EMAIL PROTECTED]> wrote:
> Some sort of non-challenge md5? That would be just as secure as plain. Actually I thought more about something like: md5( md5(password) + sid )

So, basically using the md5(password) as the plain password, you can use any SASL method after you've computed that - md5(x + sid) is just a weak SASL method, DIGEST-MD5 would do much better - and it's already implemented everywhere.

If you're going to alter the client, just add an md5 hash function to the password when the user enters it, and use that as the Jabber account password. Then you can do direct text matching with the value in the db, no matter which SASL method is chosen.

--
- Norman Rasmussen
 - Email: [EMAIL PROTECTED]
 - Home page: http://norman.rasmussen.co.za/
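
The scheme discussed in this thread, as an added example that is not part of the original messages: both sides of the md5( md5(password) + sid ) exchange, with the server holding only md5(password). The function names, the hex-string concatenation and the random stream id format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def client_secret(password: str) -> str:
    # Client-side pre-hash. The server stores this value, so it acts as
    # the account password for every authentication method.
    return md5_hex(password)


def client_response(password: str, sid: str) -> str:
    # Quoted proposal: md5( md5(password) + sid ), hex digests as strings.
    return md5_hex(client_secret(password) + sid)


def server_verify(stored_secret: str, sid: str, response: str) -> bool:
    # The server recomputes the response from the stored md5(password)
    # and compares in constant time.
    expected = md5_hex(stored_secret + sid)
    return hmac.compare_digest(expected, response)


def new_sid() -> str:
    # Stand-in for the per-stream id issued by the server (assumed format).
    return secrets.token_hex(8)


def demo() -> dict:
    password = "correct horse"          # constructed sample value
    db_value = client_secret(password)  # what the db column would hold
    sid1, sid2 = new_sid(), new_sid()
    resp = client_response(password, sid1)
    return {
        "accepted": server_verify(db_value, sid1, resp),
        # A response is bound to one stream id and fails on another.
        "reused_on_new_stream": server_verify(db_value, sid2, resp),
        "wrong_password": server_verify(
            db_value, sid1, client_response("wrong", sid1)),
        # Direct text matching: a plain-style login sends the pre-hashed
        # value, which equals the stored one.
        "plain_match": hmac.compare_digest(db_value, client_secret(password)),
    }


if __name__ == "__main__":
    print(demo())
```

Because the stored md5(password) is the only input the server needs, the db column deserves the same protection as a plaintext password column.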
