On Dec 17, 2009, at 5:35 AM, Simon Josefsson wrote: > If you don't store the hashed password for SCRAM, you need to burn CPU > time for every login to derive the SCRAM hash keys. That doesn't scale > well.
If you ONLY store the hash keys, you limit which password-based mechanisms can be used. That might be okay in small enterprise deployments, but seems quite problematic for large (internet scale) service providers. -- Kurt _______________________________________________ JDev mailing list Forum: http://www.jabberforum.org/forumdisplay.php?f=20 Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
