[standards-jig] Refreshing the Thread: EDigest

Dave Smith dizzyd at jabber.org
Wed May 28 14:31:28 UTC 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Wednesday, May 28, 2003, at 07:25 America/Denver, Tijl Houtbeckers 
wrote:

> And what I meant is that it's possible to write an authentication
> module that uses plaintext (so it's compatible with old clients) that
> does not store passwords in plaintext, but uses the edigist store
> instead. From a security point of view they are mutually exclusive in
> most cases, but technically they are not. For digest this is ofcourse
> not possible, since you must have stored the password in plaintext
> somewhere.

I follow you now. I'll be sure to add a note about this in the JEP.

Diz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)

iD8DBQE+1MhAYNE3chVHHsMRAqWxAJwIsT8kWwd2EypyFXrkjUBoQ/G0fQCfZuQG
58cGwHLh02ImQZzXNu6lek0=
=1w+L
-----END PGP SIGNATURE-----




More information about the Standards mailing list