[standards-jig] UPDATED: JEP-0078 (Non-SASL Authentication)

Peter Saint-Andre stpeter at jabber.org
Fri Jun 13 17:33:40 UTC 2003


On Fri, Jun 13, 2003 at 09:21:21AM +0200, Jacek Konieczny wrote:

> Plain text passwords are regular CDATA in the XML stream, so it is
> Unicode encoded in stream encoding (which may be UTF-8 or UTF-16). No
> clarification is needed, and the sentence you wrote is wrong for UTF-16
> encoded streams.

True, it should just say you encode it according to the encoding of the
stream (which could be UTF-8 or UTF-16).

>    The value of the <digest/> element MUST be computed according to the following
>    algorithm:
> 
>     1. Concatenate the Stream ID received from the server with the password.
>     2. Hash the concatenated string according to the SHA1 algorithm.
>     3. Ensure that the hash output is in hexidecimal format, not binary or base64.
>     4. Convert the hash output to all lowercase characters.
> 
> This is a place where clarification is needed. Digest is computed from sequence of bytes,
> so the encoding used should be known. Maybe point 1. should read:
>     
>     1. Concatenate the Stream ID received from the server with the password, both
>        encoded as UTF-8.

Same as above, could be UTF-8 or UTF-16.

Peter

-- 
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.php




More information about the Standards mailing list