[jdev] plaintext passwords hack

Simon Josefsson simon at josefsson.org
Thu Dec 17 12:03:57 CST 2009

Peter Saint-Andre <stpeter at stpeter.im> writes:

>>> Agreed. That's the main reason we won't deploy hashed-only on the
>>> backend plus SCRAM-only on the wire at jabber.org.
>> So will you 1) not support SCRAM at all, or 2) derive the hash keys from
>> the plaintext passwords during authentication, or 3) cache the derived
>> hash keys for a user?
> I'm not sure yet. Definitely not #1, probably #2, maybe #3.

For #2, how many authentications happens per minute?

My laptop does around 1.000.000 SHA-1 hashes on small data per second,
so using a 4096 iteration count leads to a limit of around 250
authentications per second just counting the hashing.  So if you aren't
anywhere near that (or can use multiple machines), the delay because of
hashing may be irrelevant.

However, making sure you use the same salt for each user may be the
problematic part in some environments.  Otherwise you will cause clients
to have to re-compute the keys every time too.


More information about the JDev mailing list