[JDEV] Passwords, zero-K and storage

Iain Shigeoka iainshigeoka at yahoo.com
Wed Jun 20 10:22:51 CDT 2001

At 12:54 AM 6/20/2001 +0100, you wrote:
> > > If someone really wants passwords to be
>secure, they need to use a secure
> > > method of account registration,
>authentication, and renewal in the case of 0k.
> >
> > Yes, this seems to be the weakspot of 0k in
>general, the user-initiated
> > password setting and changing...
>I've never been too hot on the 0k stuff, but
>surely setting new passwords could be sequenced as
>requested in the initial jabber:iq:auth query when
>sent, therefore going in a hashed way rather than
>as plain-text, keeping the plain-text off the

Yeah.  There are a ton of ways to do it.  Most of this is just a matter of 
deciding on a standard method so that all the servers and clients can 
interoperate properly.  For instance, if you just look at 0k from the docs 
page, you can't actually implement it even though the server and some 
clients are using it today...  If you want to add it to your client, you 
pretty much have to reverse engineer the protocol or read the server source. ;(

On the positive side, once the Foundation is setup and running, and the 
standards process gets into swing, I think we'll be seeing a very positive 
standards effort (heck I'm planning on putting some serious work in it) so 
this should only be a temporary situation.


Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

More information about the JDev mailing list