[jadmin] jabberd14 'crypt' password storage in postgressql
Martel Valgoerad
martel at post.pl
Mon Jun 11 12:54:23 CDT 2007
Matthias Wimmer wrote:
>> Actually, I don't understand - apart from 'not well thought out' - why one
>> would not compare two md5 encrypted strings instead of two plain text
>> strings.
> Because you can only calculate the md5 encrypted password if you know
> the password. Therefore to be able to calculate the hash, the client has
> to send the user's password in plain. This is bad ...
Why? Couldn't the hash be calculated on the client side? So only this hash would
be sent over the wire and the server would just need to compare two hashes - one
sent to it and the other stored in its internal DB. Which I believe was
Oliver's original meaning.
> Matthias
--
Martel Valgoerad aka Michal Minicki | martel at aie.pl | http://aie.pl/martel.asc
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"Idleness is not doing nothing. Idleness is being free to do anything." --
Floyd Dell
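The scheme proposed in the message above, as an added example that is not part of the original post or of jabberd14: the client sends md5(password) and the server compares it with the stored column, set beside a nonce-based variant for comparison. All class and function names, the sample user and password, and the HMAC-SHA256 response format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()

class StaticHashServer:
    """Scheme from the message: the wire value is compared to the DB value."""
    def __init__(self, db):
        self.db = db
    def login(self, user, wire_hash):
        return hmac.compare_digest(self.db.get(user, ""), wire_hash)

def respond(stored_hash: str, nonce: str) -> str:
    # Hypothetical response format: HMAC over a server-chosen nonce.
    return hmac.new(stored_hash.encode(), nonce.encode(), hashlib.sha256).hexdigest()

class ChallengeServer:
    """Comparison variant: a fresh nonce makes every wire value single-use.
    The stored hash is still the shared secret, so the DB must stay private."""
    def __init__(self, db):
        self.db = db
        self.pending = {}
    def challenge(self, user):
        self.pending[user] = secrets.token_hex(16)
        return self.pending[user]
    def login(self, user, response):
        nonce = self.pending.pop(user, None)  # each nonce is accepted once
        if nonce is None or user not in self.db:
            return False
        return hmac.compare_digest(respond(self.db[user], nonce), response)

def demo():
    db = {"alice": md5_hex("constructed-password")}  # constructed sample data
    static = StaticHashServer(db)
    wire = md5_hex("constructed-password")       # what the client transmits
    first = static.login("alice", wire)
    again = static.login("alice", wire)          # same bytes, password not needed
    wire_equals_db = wire == db["alice"]         # wire value == stored value
    ch = ChallengeServer(db)
    answer = respond(db["alice"], ch.challenge("alice"))
    fresh = ch.login("alice", answer)
    ch.challenge("alice")                        # server issues a new nonce
    stale = ch.login("alice", answer)            # old answer no longer matches
    return first, again, wire_equals_db, fresh, stale

if __name__ == "__main__":
    print(demo())
```

In the static scheme the value on the wire and the value in the database are identical, so the hash itself acts as the credential.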