[Standards-JIG] JEP-0077: In-Band Registration
Ian Paterson
ian.paterson at clientside.co.uk
Fri Jul 21 12:52:32 CDT 2006
>> Clearly users cannot use the option for existing accounts unless the
>> server allows them to change the password.
>
> Yes, now passwords must be stored plain, but even when this will become
> standardized (hashes) there is another issue. Chris Mullins pointed it
> out, it's Active Directory or some similar backend password storage.

Yes, Active Directory, LDAP etc. are some of those "existing accounts" cases
I mentioned.

Nobody is suggesting that hashed passwords become the standard way of
logging-in. However, IMHO there should be a non-protocol standard to allow
those clients that choose to implement this optional password hiding feature
to be compatible with one another.

Piotr, could you be comfortable with the following standard?

SHA256(JID+plainPassword)

Do you want to write the shortest-ever JEP?

- Ian
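
The SHA256(JID+plainPassword) formula proposed above only makes clients compatible if they also agree on the details the message leaves open. The following is an added example, not code from the thread; it assumes the bare JID is used with simple lowercasing standing in for real stringprep, UTF-8 encoding, and lowercase hex output, and all function names are hypothetical.

```python
import hashlib


def bare_jid(jid: str) -> str:
    """Drop the resource and lowercase node@domain.

    Assumption: plain lowercasing stands in for XMPP nodeprep/nameprep.
    """
    return jid.split("/", 1)[0].lower()


def hidden_password(jid: str, plain_password: str) -> str:
    """SHA256(JID+plainPassword), sent to the server in place of the plain password.

    Assumptions: bare JID, UTF-8 bytes, lowercase hex digest.
    """
    material = (bare_jid(jid) + plain_password).encode("utf-8")
    return hashlib.sha256(material).hexdigest()


def naive_hidden_password(jid: str, plain_password: str) -> str:
    """Same formula with the JID used exactly as the client happens to hold it."""
    return hashlib.sha256((jid + plain_password).encode("utf-8")).hexdigest()


def compare_clients(plain_password: str, jid_forms: list[str]) -> dict:
    """Return the distinct derived passwords each approach yields for one account."""
    return {
        "normalized": {hidden_password(j, plain_password) for j in jid_forms},
        "naive": {naive_hidden_password(j, plain_password) for j in jid_forms},
    }


if __name__ == "__main__":
    # Constructed sample data: three spellings of the same account.
    forms = ["juliet@example.com", "Juliet@Example.com", "juliet@example.com/balcony"]
    result = compare_clients("correct horse", forms)
    print("normalized variants:", len(result["normalized"]))  # clients interoperate
    print("naive variants:     ", len(result["naive"]))       # clients lock each other out
    # The JID acts as a per-account salt: same plain password, different account.
    print(hidden_password("romeo@example.net", "correct horse"))
```

The server stores and compares whatever string the client sends, so the derived value is the account's password as far as that server is concerned; what stays hidden is the plain password the user typed.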