[Operators] Suspicion of Jabbim services being hacked
mathieui at mathieui.net
Fri Dec 19 19:36:13 UTC 2014
On Fri, Dec 19, 2014 at 06:48:44PM +0000, Dave Cridland wrote:
> On 19 Dec 2014 18:32, "Sam Whited" <sam at samwhited.com> wrote:
> > On 12/19/2014 09:24 AM, Peter Viskup wrote:
> > > Hi all,
> > > thought it would be interesting to the audience of this mailing list.
> > >
> > > http://pinky.jabb.im/2014/12/jabbim-bezpecnostni-problem-security.html
> > >
> > > Best regards,
> > >
> > Another great example of why you should ditch DIGEST-MD5 and store your
> > passwords as SCRAM bits.
> > —Sam
> It feels like we should do something like the encryption push, but for
> non-plaintext passwords.
Do we have any statistics (e.g. on jabber.org) about what proportion of
clients do not support any other mechanisms than PLAIN and DIGEST-MD5?
(though yes, PLAIN works well with hashed passwords, but should still be
avoided whenever possible)
That would be enlightening.
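
Sam's point above about storing "SCRAM bits" rather than passwords, as an added example that is not part of the original thread: a sketch of the SCRAM-SHA-1 server-side record from RFC 5802 and the proof check against it, run on the RFC's published test exchange (user `user`, password `pencil`). The function names are this example's own, and SASLprep normalisation is omitted on the assumption of an ASCII password.

```python
import base64
import hashlib
import hmac


def H(data):
    return hashlib.sha1(data).digest()


def HMAC(key, msg):
    return hmac.new(key, msg, hashlib.sha1).digest()


def make_record(password, salt, iterations):
    """What the server keeps on disk: salt, count and two derived keys, no plaintext."""
    # Assumption: ASCII password, so SASLprep is a no-op and is omitted here.
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    return {
        "salt": salt,
        "iterations": iterations,
        "stored_key": H(HMAC(salted, b"Client Key")),
        "server_key": HMAC(salted, b"Server Key"),
    }


def verify_client_proof(record, auth_message, proof):
    """Recover ClientKey from the proof and compare its hash to StoredKey."""
    signature = HMAC(record["stored_key"], auth_message)
    if len(proof) != len(signature):
        return False
    client_key = bytes(p ^ s for p, s in zip(proof, signature))
    return hmac.compare_digest(H(client_key), record["stored_key"])


def server_signature(record, auth_message):
    return base64.b64encode(HMAC(record["server_key"], auth_message)).decode()


# Test exchange from RFC 5802 section 5 (user "user", password "pencil").
NONCE = "fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j"
AUTH_MESSAGE = ",".join([
    "n=user,r=fyko+d2lbbFgONRv9qkxdawL",          # client-first-message-bare
    "r=" + NONCE + ",s=QSXCR+Q6sek8bf92,i=4096",   # server-first-message
    "c=biws,r=" + NONCE,                           # client-final-without-proof
]).encode()
RECORD = make_record("pencil", base64.b64decode("QSXCR+Q6sek8bf92"), 4096)
PROOF = base64.b64decode("v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=")

if __name__ == "__main__":
    print("proof ok:", verify_client_proof(RECORD, AUTH_MESSAGE, PROOF))
    print("v=" + server_signature(RECORD, AUTH_MESSAGE))
```

A copied record still allows offline guessing at the cost of the PBKDF2 iteration count, so the count and password strength continue to matter after the switch.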