> > > The use of a two way algorithm would still require the user do more
> > > than cat the file to find the password. Why should we make it as
> > > easy as possible for people (admins or not) to find out other
> > > people's passwords? If anything we should be taking every possible
> > > step to do exactly the opposite.
> >
> > Because as already mentioned transports simply won't work if you cannot
> > obtain the original plaintext password, also current authentication
> > schemes will not work either, and as I've already said it makes it very
> > difficult to integrate jabber into an existing system if you cannot
> > get at the plaintext password.
>
> Please reread my statement. I referenced the use of a two way
> algorithm, not a one way. A two way algorithm would allow the
> transports and server access to the original plaintext password.

I did, I was reading the statement "Why should we make it as easy as possible for people (admins or not) to find out other people's passwords?", which I read as meaning that we should be using one way hashes and not two way encryption.

> > > Simply because thousands of applications do it doesn't mean it's the
> > > correct thing to do.
> >
> > Of course it doesn't mean it's the best thing to do in an ideal world, but
> > because we live in the real world a lot of people will want to
> > integrate jabber with those existing applications, we cannot simply
> > ignore their existence.
>
> And, what about using a two way algorithm would stop us from doing so?

Read my statement above, I was not talking about two way, I also read this statement as meaning that we should be hashing all passwords and ignoring the thousands of applications you think are doing things wrong.

Richard
