[Standards-JIG] Re: UPDATED: JEP-0078 (Non-SASL Authentication)

Ian Paterson ian.paterson at clientside.co.uk
Wed Jul 21 18:01:01 UTC 2004

> > BTW, I've spoken to several long-time Jabber developers, and it is not
> > clear whether in digest authentication it is necessary to transform
> > non-US-ASCII password characters into UTF-8 before hashing the
> > StreamID+password string. What is the consensus of the list on this  
> > point?
> What is the alternative?

I can't think of a good alternative (SHA-1 operates on a byte array).

This is certainly worth specifying in the JEP.

More information about the Standards mailing list