[standards-jig] Re: [Foundation] Last Minute JEP 78 Concerns

Nathan Walp faceprint at faceprint.com
Tue May 27 21:11:48 UTC 2003


On Tue, May 27, 2003 at 01:56:04PM -0600, Dave Smith wrote:
> For those of you who are saying "it _just_ obscurity", consider that 
> it's important that we don't store plaintext passwords for the SAME 
> reason that *nix doesn't store plaintext passwords. Even if people know 
> the hash, it doesn't do them a whole lot of good.

*nix stores passwords hashed, yes.  But *nix doesn't have to send
passwords over the wire.  It takes the plaintext password, hashes it,
and compares.  Jabber has the problem of how to do this, and still be
able to change the password, which requires sending the plaintext
password to the server at some point.  


Nathan

-- 
Nathan Walp             || faceprint at faceprint.com
GPG Fingerprint:        ||   http://faceprint.com/
5509 6EF3 928B 2363 9B2B  DA17 3E46 2CDC 492D DB7E

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/standards/attachments/20030527/a62f2b36/attachment.sig>


More information about the Standards mailing list