[Standards-JIG] certificate and private key retrieval

Ian Paterson ian.paterson at clientside.co.uk
Wed Mar 17 15:23:47 UTC 2004


> > [Use hashed passwd in place of passwd for login, use passwd for
> > key encryption, store key on server]

> AFAICS this would break external authentication. For example, say a new
> Jabber server gets installed and shall authenticate users against
> /etc/passwd. No chance to get this going using your method as there's no
> way to compare a SHA1 hash of a password against a crypt/md5 hash (of the
> same password).

Good point.

So, to enable compatibility with some 'legacy' or shared authentication
systems, the auth protocol would need to allow the server to specify exactly
which hash algorithm the client must apply to the real password to turn it
into the 'pseudo-plaintext' password?

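Added example (not code from the thread or from any Jabber server) modelling the exchange Ian sketches: the server announces the hash algorithm and salt, the client turns the real password into the pseudo-plaintext, and a separate secret is derived from the real password for the private key stored on the server. The algorithm names, the simplified salt-plus-password hashing, and PBKDF2 for the key-encryption step are assumptions; md5 and sha1 mirror the thread's 2004 examples.

```python
import hashlib
import hmac

# Constructed example: a credential store maps user -> (alg, salt, stored hash).
# md5/sha1 mirror the 2004 thread; a modern store would hold a memory-hard KDF.
SALT = bytes.fromhex("0123456789abcdef")  # constructed, fixed so results repeat


def hash_password(alg, salt, password):
    """Hash the real password the same way the server's store does."""
    if alg not in ("md5", "sha1"):
        raise ValueError(f"unsupported algorithm: {alg}")
    return hashlib.new(alg, salt + password.encode()).digest()


def server_challenge(store, username):
    """Server announces which algorithm/salt yields the 'pseudo-plaintext'
    it can compare against its own (possibly legacy) stored hash."""
    alg, salt, _ = store[username]
    return {"alg": alg, "salt": salt}


def server_verify(store, username, pseudo_pw):
    """Constant-time compare of the client's pseudo-plaintext to storage."""
    _, _, stored = store[username]
    return hmac.compare_digest(stored, pseudo_pw)


def login(store, username, password, client_alg=None):
    """One login round trip. client_alg forces a hard-coded client hash
    (the incompatibility described in the thread) instead of obeying the server."""
    ch = server_challenge(store, username)
    pseudo = hash_password(client_alg or ch["alg"], ch["salt"], password)
    return server_verify(store, username, pseudo)


def key_encryption_key(password, salt):
    """Separate secret for the private key kept on the server, derived from the
    real password (never the login hash) so the server cannot unlock the key.
    PBKDF2 is an assumed choice, not one the thread names."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Legacy server authenticating against an md5-style store (constructed).
LEGACY = {"alice": ("md5", SALT, hash_password("md5", SALT, "correct horse"))}

if __name__ == "__main__":
    print(login(LEGACY, "alice", "correct horse"))                      # True
    print(login(LEGACY, "alice", "correct horse", client_alg="sha1"))   # False
    print(key_encryption_key("correct horse", SALT) != LEGACY["alice"][2])  # True
```

The pseudo-plaintext is itself a reusable credential, so the login exchange still needs a protected channel; only the key-encryption secret stays unknown to the server.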