[Security] TLS Certificates Verification

Dirk Meyer dmeyer at tzi.de
Wed Aug 20 05:10:54 CDT 2008

"Remko Tronçon" wrote:
>> The XMPP password and the key password should be something completely
>> different.
> Yet, in practice, everyone who doesn't know much about security will
> use the same password, and you're back to square one. You can try to
> ask all clients to consistently refuse keys with the same passphrase
> as the account (and vice versa, refuse account password changes that
> are the same as the key), yet I doubt if that will work.

Maybe it is a stupid idea, but why not use the md5 sum of the key
password as server password? Replace md5 with sha256 to be more


It might look like I'm doing nothing, but at the cellular level I'm
really quite busy.
