[Standards] field report on authentication methods

Peter Saint-Andre stpeter at mozilla.com
Thu Aug 9 15:24:08 UTC 2018

Out of curiosity, I recently looked at successful logins on jabber.org
over a series of days (all over TLS, of course). The methods used were:

SCRAM-SHA-1           46.68%
DIGEST-MD5            38.65%
SASL PLAIN            10.03%
plaintext (XEP-0078)   3.97%
CRAM-MD5               0.67%

It's interesting that DIGEST-MD5 is still so widely used, despite
interoperability problems over the years. And 4% use of XEP-0078
indicates that there are still some really old clients out there (it's
been almost 14 years since the publication of RFC 3920).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20180809/16065647/attachment.sig>

More information about the Standards mailing list