On 04/20/2014 06:46 PM, Simon Tennant wrote: > Is this a question about Ejabberd or generally?
A question about client support for SCRAM. > Generally nobody should be using Digest authentication and thus > necessitating plaintext storage of passwords. Ever. The majority of the XMPP network does this. It is the default in both ejabberd and prosody (see link quoted in the original mail[1], at the very bottom). > You might want to run your server through XMPP.net to see which mechanisms > it's offering. For example: > https://xmpp.net/result.php?domain=jabber.de&type=client Yes, I know that site, thank you. I tried a few domains from the history in the observatory, jabber.ccc.de, jabber.org, jabber.ru, jabber.co.nz, xmpp.jp, xmpp.ru and jabber.at all offer DIGEST-MD5, wich indicates they store passwords in plaintext. Only jabber.de and jabber.ua don't. greetings, Mati [1] http://prosody.im/doc/plain_or_hashed -- twitter: @mathiasertl | xing: Mathias Ertl | email: [email protected] I only read plain-text mail! I prefer signed/encrypted mail!
smime.p7s
Description: S/MIME Cryptographic Signature
