[standards-jig] UPDATED: JEP-0078 (Non-SASL Authentication)
stpeter at jabber.org
Fri Jun 13 17:33:40 UTC 2003
On Fri, Jun 13, 2003 at 09:21:21AM +0200, Jacek Konieczny wrote:
> Plain text passwords are regular CDATA in the XML stream, so they are
> Unicode encoded in the stream encoding (which may be UTF-8 or UTF-16). No
> clarification is needed, and the sentence you wrote is wrong for UTF-16
> encoded streams.
True, it should just say you encode it according to the encoding of the
stream (which could be UTF-8 or UTF-16).
> The value of the <digest/> element MUST be computed according to the following
> 1. Concatenate the Stream ID received from the server with the password.
> 2. Hash the concatenated string according to the SHA1 algorithm.
> 3. Ensure that the hash output is in hexadecimal format, not binary or base64.
> 4. Convert the hash output to all lowercase characters.
> This is a place where clarification is needed. The digest is computed from a sequence of bytes,
> so the encoding used should be known. Maybe point 1. should read:
> 1. Concatenate the Stream ID received from the server with the password, both
> encoded as UTF-8.
Same as above, could be UTF-8 or UTF-16.
Jabber Software Foundation
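
The four quoted digest steps, as an added example that is not part of the original message or of JEP-0078: it shows that the same Stream ID and password give different digests under UTF-8 and UTF-16, so a client and server that disagree on the byte encoding fail authentication. The function names, the sample Stream ID and password, and the choice of big-endian UTF-16 without a byte order mark are assumptions made for the illustration.

```python
import hashlib
import hmac


def compute_digest(stream_id: str, password: str, encoding: str = "utf-8") -> str:
    """Client side: the four steps quoted above, with the byte encoding explicit."""
    # Step 1: concatenate Stream ID and password, then fix the byte encoding.
    material = (stream_id + password).encode(encoding)
    # Steps 2-4: SHA1, hexadecimal output, all lowercase.
    return hashlib.sha1(material).hexdigest().lower()


def verify_digest(stream_id: str, stored_password: str, received: str,
                  encoding: str = "utf-8") -> bool:
    """Server side: recompute the digest and compare in constant time."""
    expected = compute_digest(stream_id, stored_password, encoding)
    return hmac.compare_digest(expected.encode("ascii"), received.encode("utf-8"))


def encoding_mismatch_demo() -> dict:
    """Server hashes UTF-8 bytes; one client does too, another hashes UTF-16."""
    stream_id = "3EE948B0"      # constructed sample Stream ID
    password = "p\u00e4ssw\u00f6rd"  # constructed sample password with non-ASCII characters
    utf8_client = compute_digest(stream_id, password, "utf-8")
    utf16_client = compute_digest(stream_id, password, "utf-16-be")
    return {
        "utf8_digest": utf8_client,
        "utf16_digest": utf16_client,
        "server_accepts_utf8_client": verify_digest(stream_id, password, utf8_client),
        "server_accepts_utf16_client": verify_digest(stream_id, password, utf16_client),
    }


if __name__ == "__main__":
    for key, value in encoding_mismatch_demo().items():
        print(f"{key}: {value}")
```

The mismatch is not limited to non-ASCII passwords: UTF-16 uses two bytes per ASCII character, so even a plain ASCII password hashes differently under the two encodings.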