[JDEV] Account information storage, plaintext?

Jamin W. Collins jcollins at asgardsrealm.net
Mon Sep 15 19:16:30 CDT 2003

When quoting, please include proper attributions for the text quoted.

On Mon, Sep 15, 2003 at 10:48:54PM +0100, Richard Dobson wrote:
> On Mon, Sep 15, 2003 Jamin W. Collins wrote:
> >
> > The use of a two way algorithm would still require the user do more
> > than cat the file to find the password.  Why should we make it as
> > easy as possible for people (admins or not) to find out other
> > people's passwords?  If anything we should be taking every possible
> > step to do exactly the opposite.
> Because as already mentioned transports simply wont work if you cannot
> obtain the original plaintext password, also current authentication
> schemes will not work either, and as ive already said it makes it very
> difficult to integrate jabber into an existing system if you cannot
> get at the plaintext password.

Please reread my statement.  I referenced the use of a two way
algorithm, not a one way.  A two way algorithm would allow the
transports and server access to the original plaintext password. 

> > Simple because thousands of applications do it doesn't mean it's the
> > correct thing to do.
> Ofcouse it doesnt mean its the best thing to do in an ideal world, but
> because we live in the real world a lot of people will want to
> integrate jabber with those existing applications, we cannot simply
> ignore their existance.

And, what about using a two way algorithm would stop us from doing so?

Jamin W. Collins

To be nobody but yourself when the whole world is trying it's best night
and day to make you everybody else is to fight the hardest battle any
human being will fight. -- E.E. Cummings

More information about the JDev mailing list