Hi All,
RFC 4616 implies that it is possible to store a digest for CRAM-MD5 in the
database (just above 3. Pseudo-Code). From what I can tell you need to store a
plain-text password (at best the XORed passwords, which is pointless).
A CRAM digest is created as follows:
    MD5(
        (K XOR opad),
        MD5(
            (K XOR ipad),
            timestamp
        )
    )
Where 'timestamp' is variant ("<" num "." num "@" domain ">"). Am I missing
some mathematical nuance, or is RFC 4616 misleading?
Jonathan