Kurt Zeilenga <[email protected]> writes: > On Dec 17, 2009, at 5:35 AM, Simon Josefsson wrote: > >> If you don't store the hashed password for SCRAM, you need to burn CPU >> time for every login to derive the SCRAM hash keys. That doesn't scale >> well. > > If you ONLY store the hash keys, you limit which password-based > mechanisms can be used. That might be okay in small enterprise > deployments, but seems quite problematic for large (internet scale) > service providers.
Right. So preferably you would store both (when that is possible). /Simon _______________________________________________ JDev mailing list Forum: http://www.jabberforum.org/forumdisplay.php?f=20 Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
