[Security] TLS Certificates Verification

Dirk Meyer dmeyer at tzi.de
Wed Aug 20 05:10:54 CDT 2008


"Remko Tronçon" wrote:
>> The XMPP password and the key password should be something completely
>> different.
>
> Yet, in practice, everyone who doesn't know much about security will
> use the same password, and you're back to square one. You can try to
> ask all clients to consistently refuse keys with the same passphrase
> as the account (and vice versa, refuse account password changes that
> are the same as the key), yet I doubt if that will work.

Maybe it is a stupid idea, but why not use the md5 sum of the key
password as server password? Replace md5 with sha256 to be more
up-to-date.


Dirk

-- 
It might look like I'm doing nothing, but at the cellular level I'm
really quite busy.

