[jadmin] Re: jabberd14 'crypt' password storage in postgressql
Matthias Wimmer
m at tthias.eu
Thu Jun 14 09:41:24 CDT 2007
Hi Oliver!

Oliver Block wrote:
>> The fundamental fact is that for the vast majority of today's
>> authentication technologies, including ones that are mandatory to
>> implement in XMPP, the server will require access to the plaintext
>> version of the secret.
> How about sasl based on pam?

You won't be able to do DIGEST-MD5 (the required SASL mechanism) based
on libpam.

>> If you're still unclear, then Bruce Schneier's "Applied
>> Cryptography" is a highly recommended read.
> I am reading 'Secure Programming Cookbook for C and C++' from Viega and
> Messier, at the moment because I need something close to a programming
> language.

Reading the description at Amazon, this is not the right lecture to get
a feeling for evaluating authentication protocols. "Applied
Cryptography" is really something I'd also suggest reading (you can also
get it as a German translation if you want), as well as "Handbook of
Applied Cryptography" by Menezes, Oorschot, and Vanstone. You can also
read it online for free: http://www.cacr.math.uwaterloo.ca/hac/

Matthias
--
Matthias Wimmer Fon +49-700 77 00 77 70
Züricher Str. 243 Fax +49-89 95 89 91 56
81476 München http://ma.tthias.eu/
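
An added example, not part of the original message: it shows why a DIGEST-MD5 server needs the plaintext password (or the H(user:realm:password) value derived from it) and cannot verify a response against a one-way hash such as a crypt-style or PAM-backed store holds. The response computation follows RFC 2831 for qop=auth; the user, realm, nonces, and the salted SHA-256 stand-in for a crypt hash are constructed assumptions.

```python
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def stored_secret(user: str, realm: str, password: str) -> bytes:
    # H(user:realm:password): derivable only from the plaintext, and
    # password-equivalent for this realm, so it needs the same protection.
    return md5(f"{user}:{realm}:{password}".encode())

def digest_response(secret: bytes, nonce: str, cnonce: str, nc: str, uri: str) -> str:
    # RFC 2831 response for qop=auth with no authzid.
    ha1 = md5(secret + f":{nonce}:{cnonce}".encode()).hex()
    ha2 = md5(f"AUTHENTICATE:{uri}".encode()).hex()
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode()).hex()

def server_verify(secret: bytes, exchange: dict, response: str) -> bool:
    return hmac.compare_digest(digest_response(secret, **exchange), response)

def one_way_hash(password: str, salt: bytes) -> bytes:
    # Stand-in (assumption) for a crypt(3)-style hash as a PAM backend stores it.
    return hashlib.sha256(salt + password.encode()).digest()

# Constructed sample values, not taken from the thread.
USER, REALM, PASSWORD, SALT = "oliver", "example.org", "correct horse", b"x9Qp"
EXCHANGE = {"nonce": "f3a1c0de", "cnonce": "7b2e9a44", "nc": "00000001",
            "uri": "xmpp/example.org"}

def demo() -> dict:
    # Client side: knows the plaintext, sends only the response.
    response = digest_response(stored_secret(USER, REALM, PASSWORD), **EXCHANGE)
    crypt_record = one_way_hash(PASSWORD, SALT)
    return {
        # Server that kept H(user:realm:password) can recompute the response.
        "secret_store_verifies": server_verify(
            stored_secret(USER, REALM, PASSWORD), EXCHANGE, response),
        # Server holding only the one-way hash has nothing valid to feed in.
        "crypt_store_verifies": server_verify(crypt_record, EXCHANGE, response),
        # The one-way hash works only when the plaintext arrives (PAM, PLAIN).
        "crypt_checks_plaintext": hmac.compare_digest(
            one_way_hash(PASSWORD, SALT), crypt_record),
    }

if __name__ == "__main__":
    print(demo())
```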