"Michael Brown" <[EMAIL PROTECTED]> wrote on 16-9-2003 13:27:57:
>3) Some people on the list - myself included - cannot understand why a
>simple *two way* encryption method isn't employed so that, at the very
>least, the passwords aren't as easily human readable/recognisable. (If
>there is a good reason, please explain this!)

The only thing 2 way encryption will give you is a false sense of security. From a security point of view this adds *nothing*. However, some admins might consider it "secure" since it has the word "encryption" in it, and not pay attention to file permissions. This will not make Jabber any more secure from a security standpoint, but you might *feel* more secure about it.

Anyway, if you still want it, it shouldn't be that hard to write a patch for either, you can just XOR whatever you write to the disk, then XOR it again when you read it.

If you want *real* security in which you do not have to trust the admin with your passwords and where passwords will only be exposed during registration, as said before SASL can do that. If you don't even want your password to be exposed during registration, it's possible if you adapt jabber:iq:register for it.

As for the transports, as already said, in most cases it's only possible if you adapt the clients to assist in the authentication process.

--
Tijl Houtbeckers
Software Engineer @ Splendo
The Netherlands

_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mailman.jabber.org/listinfo/jdev
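Added example, not part of the original message and not Jabber server code: the XOR round trip described above next to a salted one-way verifier, showing why the reversible form protects nothing once the file on disk is readable. The key, the sample passwords and the PBKDF2 parameters are assumptions for illustration; PBKDF2 stands in for one-way storage in general and is not the SASL mechanism the message refers to.

```python
import hashlib
import hmac
import os
from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Two-way scheme from the message: XOR on write, XOR again on read."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(stored: bytes, known_password: bytes, key_len: int) -> bytes:
    """One stored value whose password is known gives back the key itself."""
    return bytes(s ^ p for s, p in zip(stored, known_password))[:key_len]


def make_verifier(password: str, iterations: int = 200_000) -> tuple:
    """One-way storage: random salt, iteration count and PBKDF2 digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def check_password(password: str, verifier: tuple) -> bool:
    """Recompute the digest from the attempt; compare in constant time."""
    salt, iterations, digest = verifier
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(attempt, digest)


# Constructed sample data; the key and passwords are assumptions.
SERVER_KEY = b"k3y!"  # has to live on the server so it can read passwords back
STORED = {
    "alice": xor_bytes(b"correct horse", SERVER_KEY),
    "bob": xor_bytes(b"tr0ub4dor&3", SERVER_KEY),
}

if __name__ == "__main__":
    # Why the obfuscation adds nothing: a readable file plus one known
    # password (for instance one's own account) yields the key and the rest.
    key = recover_key(STORED["bob"], b"tr0ub4dor&3", len(SERVER_KEY))
    print("key recovered:", key == SERVER_KEY)
    print("alice:", xor_bytes(STORED["alice"], key))

    # The verifier still checks logins, but contains nothing to decode.
    verifier = make_verifier("correct horse")
    print(check_password("correct horse", verifier), check_password("guess", verifier))
```

A one-way verifier only fits login mechanisms that do not need the cleartext password on the server side.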
