[standards-jig] Re: [Foundation] Last Minute JEP 78 Concerns
crabbkw at nafai.dyndns.org
Tue May 27 20:37:49 UTC 2003
To address Tijl's concerns of this not buying safety from others who
use the same system:
I propose we sha1(streamID + sha1(userPassword + serverHostName))
This protects the password from external systems, and other jabber
It accomplishes what Diz wants with protecting the password from being
used on other systems; and addresses some of Tijl's concerns with
other security systems using the same sha1(streamID +
sha1(userPassword)) auth mechanism.
Does this make sense?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the Standards