On Thu, Jan 24, 2019, at 15:55, Philipp Hörist wrote:
> SCRAM is not a mechanism to hide the password from the server
> operator. It's a mechanism to make it possible for the server operator
> to NOT store the password after getting it.

This is also easily accomplished with PLAIN. PLAIN also makes upgrading the password storage mechanism much more agile so it's probably safer for most use cases. That being said, it does require that you store the password on the client (unless you want the user to enter it every time), so I see that as the primary benefit of using SCRAM, not stopping the server operator from having to store it.

—Sam
_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: [email protected]
_______________________________________________
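The mechanics discussed in this thread, as an added example (not code from either poster or from any XMPP project): the SCRAM functions follow the SCRAM-SHA-1 key derivation in RFC 5802, showing what the client can cache and what the server stores, next to a PLAIN login that re-hashes on the fly. The PBKDF2-SHA-256 record used for PLAIN, the iteration counts, and all sample values are constructed assumptions.

```python
import hashlib
import hmac
import os

def hi(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Hi() from RFC 5802: PBKDF2-HMAC-SHA-1, one output block (SaltedPassword)."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations)

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()

def scram_server_record(salted_password: bytes) -> dict:
    """What the server keeps: StoredKey and ServerKey, not the password."""
    client_key = mac(salted_password, b"Client Key")
    return {"stored_key": hashlib.sha1(client_key).digest(),
            "server_key": mac(salted_password, b"Server Key")}

def scram_client_proof(salted_password: bytes, auth_message: bytes) -> bytes:
    """Client side: works from a cached SaltedPassword, no password needed."""
    client_key = mac(salted_password, b"Client Key")
    signature = mac(hashlib.sha1(client_key).digest(), auth_message)
    return bytes(a ^ b for a, b in zip(client_key, signature))

def scram_server_verify(record: dict, auth_message: bytes, proof: bytes) -> bool:
    signature = mac(record["stored_key"], auth_message)
    client_key = bytes(a ^ b for a, b in zip(proof, signature))
    return hmac.compare_digest(hashlib.sha1(client_key).digest(), record["stored_key"])

def plain_login(record: dict, password: bytes, target_iterations: int) -> bool:
    """PLAIN: the server sees the password, so it can verify and re-hash it."""
    candidate = hashlib.pbkdf2_hmac("sha256", password, record["salt"], record["iterations"])
    if not hmac.compare_digest(candidate, record["hash"]):
        return False
    if record["iterations"] < target_iterations:  # upgrade storage during login
        salt = os.urandom(16)
        record.update(salt=salt, iterations=target_iterations,
                      hash=hashlib.pbkdf2_hmac("sha256", password, salt, target_iterations))
    return True

def demo() -> dict:
    password, salt = b"constructed-password", b"constructed-salt"
    cached = hi(password, salt, 4096)           # the client may store this
    record = scram_server_record(cached)        # the server stores this
    auth_message = b"constructed-auth-message"  # stands in for the real AuthMessage
    proof = scram_client_proof(cached, auth_message)
    plain = {"salt": salt, "iterations": 1000,
             "hash": hashlib.pbkdf2_hmac("sha256", password, salt, 1000)}
    return {"scram_ok": scram_server_verify(record, auth_message, proof),
            "plain_ok": plain_login(plain, password, 10000), "plain_iterations": plain["iterations"]}
```

The SCRAM record is tied to the hash function, salt and iteration count it was derived with, so the server cannot recompute it under new parameters from `stored_key` alone, whereas `plain_login` rewrites its record on the next successful login.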
