"Remko Tronçon" wrote: >> The XMPP password and the key password should be something completly >> different. > > Yet, in practice, everyone who doesn't know much about security will > use the same password, and you're back to square one. You can try to > ask all clients to consistently refuse keys with the same passphrase > as the account (and vice versa, refuse account password changes that > are the same as the key), yet I doubt if that will work.
Maybe it is a stupid idea, but why not use the md5 sum of the key password as server password? Replace md5 with sha256 to be more up-to-date. Dirk -- It might look like I'm doing nothing, but at the cellular level I'm really quite busy.
