[Standards-JIG] MUC (JEP-45) privacy & control
trejkaz at trypticon.org
Sun Apr 16 06:26:34 UTC 2006
On 16/04/2006, at 15:22 PM, Lukáš 'Spike' Polívka wrote:
> To ensure privacy of both sides, I propose to generate a hash (SHA1?)
> of every user's real JID, which would be sent with his MUC presence
> stanza (or with every message stanza?).
That part wasn't a bad idea, but if we just used SHA-1 of the user's
JID, someone could just build up a giant list of SHA-1 hashes of all
known JIDs, which a user could then use to determine the identity of
users in "anonymous" chats.
This can easily be fixed by also adding the JID of the conference
room into the hash.
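The following is an added example, not part of the original message or of JEP-45: it compares the bare SHA-1 pseudonym, the room-scoped variant suggested in the reply, and a keyed variant against a table of known JIDs. The JIDs, room names, key, NUL separator and the HMAC variant are assumptions made for illustration.

```python
import hashlib
import hmac

def bare_hash(jid: str) -> str:
    """Original proposal: SHA-1 over the user's real JID only."""
    return hashlib.sha1(jid.encode("utf-8")).hexdigest()

def room_hash(jid: str, room: str) -> str:
    """Reply's suggestion: mix the room JID in.
    The NUL separator (an assumption) keeps the (jid, room) pair unambiguous."""
    return hashlib.sha1(f"{jid}\x00{room}".encode("utf-8")).hexdigest()

def keyed_hash(jid: str, room_key: bytes) -> str:
    """Assumption, not in the thread: HMAC under a secret held only by the
    MUC service, so nobody else can recompute the pseudonym."""
    return hmac.new(room_key, jid.encode("utf-8"), hashlib.sha256).hexdigest()

# Constructed sample data.
KNOWN_JIDS = ["alice@example.org", "bob@example.net", "carol@example.com"]
ROOM_A = "privacy@conference.example.org"
ROOM_B = "standards@conference.example.org"
ROOM_A_KEY = bytes(range(32))  # constructed; a real key would be random

def evaluate(occupant: str = "bob@example.net") -> dict:
    """Report which pseudonyms a table of known JIDs can map back to a JID."""
    # Table built once, reusable against every room (the concern in the reply).
    global_table = {bare_hash(j): j for j in KNOWN_JIDS}
    # Table built with the room JID, which every occupant knows.
    room_table = {room_hash(j, ROOM_A): j for j in KNOWN_JIDS}
    in_a = room_hash(occupant, ROOM_A)
    return {
        "bare_vs_global_table": global_table.get(bare_hash(occupant)),
        "room_vs_global_table": global_table.get(in_a),
        "room_vs_room_table": room_table.get(in_a),
        "same_pseudonym_in_two_rooms": in_a == room_hash(occupant, ROOM_B),
        "keyed_vs_room_table": room_table.get(keyed_hash(occupant, ROOM_A_KEY)),
    }

if __name__ == "__main__":
    for check, result in evaluate().items():
        print(f"{check}: {result}")
```

Mixing in the room JID makes a single precomputed table useless and gives the same user unrelated pseudonyms in different rooms, but the room JID is public input, so only the keyed variant keeps the pseudonym from being recomputed by other occupants.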