[Standards-JIG] Re: UPDATED: JEP-0078 (Non-SASL Authentication)
ian.paterson at clientside.co.uk
Wed Jul 21 18:01:01 UTC 2004
> > BTW, I've spoken to several long-time Jabber developers, and it is not
> > clear whether in digest authentication it is necessary to transform
> > non-US-ASCII password characters into UTF-8 before hashing the
> > StreamID+password string. What is the consensus of the list on this
> > point?
> What is the alternative?
I can't think of a good alternative (SHA-1 operates on a byte array).
This is certainly worth specifying in the JEP.
More information about the Standards