Also, I suspect the naive way to implement this will be to hash the bare
JID. We probably want to mention that this is a bad idea and that these
identifiers should be random (or we should explicitly define the security
properties that are required if they're derived, which probably includes
using a salt and ensuring high entropy).
The XEP suggests "One way to ensure these properties is to generate a
private secret key for every room and use an HMAC algorithm with a
sufficiently secure hash function to generate the occupant identifier from
the real bare JID and that secret key."
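
The HMAC construction quoted from the XEP, next to the bare-JID hash the first message warns about, as an added example (not code from the XEP or from either poster). The `Room` class, the function names and the JIDs are constructed for illustration, and JID normalization is simplified to lowercasing.

```python
import hashlib
import hmac
import secrets


def bare_jid(jid: str) -> str:
    # Drop the resource part. Lowercasing is a simplification (assumption);
    # a real service would apply full JID normalization first.
    return jid.split("/", 1)[0].lower()


def naive_occupant_id(jid: str) -> str:
    # The "bad idea": an unkeyed hash. Anyone who guesses the JID can
    # recompute the identifier, and it is identical in every room.
    return hashlib.sha256(bare_jid(jid).encode("utf-8")).hexdigest()


class Room:
    """Hypothetical MUC room holding a private, randomly generated key."""

    def __init__(self, room_jid: str) -> None:
        self.room_jid = room_jid
        self._key = secrets.token_bytes(32)  # per-room secret, never published

    def occupant_id(self, jid: str) -> str:
        # HMAC over the real bare JID with the room's secret key.
        mac = hmac.new(self._key, bare_jid(jid).encode("utf-8"), hashlib.sha256)
        return mac.hexdigest()


def compare() -> dict:
    # Constructed sample data.
    room_a = Room("a@conference.example.org")
    room_b = Room("b@conference.example.org")
    phone, laptop = "alice@example.org/phone", "alice@example.org/laptop"
    guess = hashlib.sha256(b"alice@example.org").hexdigest()
    return {
        # Stable for one user inside one room, whatever the resource.
        "stable_in_room": room_a.occupant_id(phone) == room_a.occupant_id(laptop),
        # Not linkable across rooms, because the keys differ.
        "differs_across_rooms": room_a.occupant_id(phone) != room_b.occupant_id(phone),
        # The unkeyed hash is confirmed by a simple guess of the JID.
        "naive_matches_guess": naive_occupant_id(phone) == guess,
        # The keyed identifier is not reproduced by that guess.
        "hmac_matches_guess": room_a.occupant_id(phone) == guess,
    }


if __name__ == "__main__":
    print(compare())
```

The key has to persist with the room's configuration: regenerating it changes every occupant identifier in that room.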