[standards-jig] Small Footprint Clients and Authentication

Richard Dobson richard at dobson-i.net
Thu May 29 17:35:10 UTC 2003


> 4. The addition of the "edigest" method is intended to move the old
> jabber:iq:auth protocol closer to the level of password security (in
> storage) provided by MD5. It is not really even a new method, but a
> better implementation of the existing digest method. I think JEP-0078
> won't be deprecated for at least 18 months, and I also think that people
> using this method don't particularly want their passwords to be stored
> in the clear all that time (they should not have been stored that way
> since 1999 either, but that is another issue).

Although when integrating a jabber system with an existing user database you
WILL still NEED to be able to use plain text passwords on the backend if
thats the way it stores passwords.

Richard




More information about the Standards mailing list