On Thu, Oct 21, 2010 at 2:50 PM, Dave Cridland <d...@cridland.net> wrote: > > But in these cases, the attacker can not only read, but spoof, traffic. In > which case they can at least insert traffic of their choosing into a > session. > > Also, if they have the challenge and response in the clear, they can perform > a dictionary attack offline. > > I suspect you're way past hashing the room's secret and well into at least > signing stanzas (and having a provisioning step for certificates, > optionally), if not encrypting them.
I feel like we're going around in circles here. There are plenty of reasons why digest/challenge-based authentication would be more secure than clear-text passwords. The MUC specification [1] doesn't define these. What I'm after is how something like simple DIGEST authentication should be discovered and implemented and not really a debate about its relative value. I find it a valuable additional layer and I suspect I wouldn't be alone. There have been two different proposals--one using iq and one using presence--that seem quite straightforward. I prefer the presence stanza based method. In totality, I also want a MUC room where the password isn't shared. I don't see anything in the specification that says that a MUC room service can't be pre-configured with a certain number pre-registered room members each of whom has their own set of credentials. [1] http://xmpp.org/extensions/xep-0045.html#security -- --Alex Milowski "The excellence of grammar as a guide is proportional to the paucity of the inflexions, i.e. to the degree of analysis effected by the language considered." Bertrand Russell in a footnote of Principles of Mathematics _______________________________________________ JDev mailing list Forum: http://www.jabberforum.org/forumdisplay.php?f=20 Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: jdev-unsubscr...@jabber.org _______________________________________________
