Norman Rasmussen wrote:
On 5/25/06, Ulrich Staudinger <[EMAIL PROTECTED]> wrote:
> some sort of non-challenge md5? that would be just as secure as plain.
Actually I thought more about something like:
md5( md5(password) + sid )
so, basically using the md5(password) as the plain password, you can
use any sasl method after you've computed that - md5(x + sid) is just
a weak sasl method, digest-md5 would do much better - and it's already
implemented everywhere.
If you're going to alter the client, just add a md5 hash function to
the password when the user enters it, and use that as the jabber
account password. Then you can do direct text matching with the value
in the db, no matter which sasl method is chosen.
Right. I just would have liked to have it standardized. But yes, you are
correct, simply altering a client should be very fine for a single
service. However, as community software usually stores passwords in md5,
most other communities can't simply plug in a jabber server for the said
reasons.
Cheers,
Ulrich
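The md5( md5(password) + sid ) exchange discussed in this thread, as an added example that is not code from either poster or from any Jabber server. It assumes hex digests joined by plain string concatenation, which the thread does not specify, and all function names are hypothetical. It also shows that the stored md5(password) is by itself enough to produce a valid response, i.e. the database value is password-equivalent.

```python
import hashlib
import hmac
import secrets

# Assumption: digests are lowercase hex strings and "+" is string concatenation.


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def stored_verifier(password: str) -> str:
    """Value the community software already keeps in its DB: md5(password)."""
    return md5_hex(password)


def new_sid() -> str:
    """Per-stream id issued by the server; it plays the role of the challenge."""
    return secrets.token_hex(16)


def client_response(password: str, sid: str) -> str:
    """Client side: md5( md5(password) + sid )."""
    return md5_hex(md5_hex(password) + sid)


def server_verify(db_value: str, sid: str, response: str) -> bool:
    """Server side: recompute from the stored md5(password), constant-time compare."""
    expected = md5_hex(db_value + sid)
    return hmac.compare_digest(expected, response)


def response_from_db_value(db_value: str, sid: str) -> str:
    """Same response derived from the DB value alone, without the password."""
    return md5_hex(db_value + sid)


if __name__ == "__main__":
    db_value = stored_verifier("correct horse")  # constructed sample password
    sid1, sid2 = new_sid(), new_sid()
    resp = client_response("correct horse", sid1)
    print("valid login:           ", server_verify(db_value, sid1, resp))
    print("replayed on new stream:", server_verify(db_value, sid2, resp))
    print("DB value alone accepted:",
          server_verify(db_value, sid1, response_from_db_value(db_value, sid1)))
```

The sid binds each response to one stream, so a captured response fails on the next stream, but protecting the md5 column in the database matters exactly as much as protecting cleartext passwords would.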