On Fri, Dec 19, 2014 at 06:48:44PM +0000, Dave Cridland wrote:
> On 19 Dec 2014 18:32, "Sam Whited" <[email protected]> wrote:
> > On 12/19/2014 09:24 AM, Peter Viskup wrote:
> > > Hi all,
> > > thought it would be interesting to the audience of this mailinglist.
> > >
> > > http://pinky.jabb.im/2014/12/jabbim-bezpecnostni-problem-security.html
> > >
> > > Best regards,
> > >
> > Another great example of why you should ditch DIGEST-MD5 and store your
> > passwords as SCRAM bits.
> >
> > —Sam
> >
> It feels like we should do something like the encryption push, but for
> non-plaintext passwords.

Do we have any statistics (e.g. on jabber.org) about what proportion of clients do not support any other mechanisms than PLAIN and DIGEST-MD5? (though yes, PLAIN works well with hashed passwords, but should still be avoided whenever possible) That would be enlightening.

--
mathieui
