On 2014-01-31 22:51, Thijs Alkemade wrote:
> These use an incrementing counter to generate ids, starting from 0. This means
> that, for example, roster retrieval always gets the same id and could be
> spoofed by a fast enough attacker:
>
> * Gajim (python-nbxmpp)
> * Strophe
> * Miranda
> * InstantBird
Also:
* Verse

You would need to guess the full JID to spoof things done before presence is sent. So, unpredictable resources are good.

Also, unpredictable iq ids would not help against an attacker capable of reading the ids off the wire.

--
Kim "Zash" Alvefur
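To make the two points in this thread concrete, here is an added illustration (not code from any of the clients named above): a counter-based iq id generator beside a CSPRNG-based one, and a small tracker that accepts an iq result only if its id is still pending and the sender is the entity the request was sent to. Stanzas are modelled as plain dicts and the JIDs are constructed sample values.

```python
import itertools
import secrets

def counter_id_factory():
    """Predictable scheme from the thread: a fresh session yields 0, 1, 2, ..."""
    counter = itertools.count()
    return lambda: str(next(counter))

def random_id_factory():
    """128 bits from the OS CSPRNG per id; not guessable without seeing the wire."""
    return lambda: secrets.token_urlsafe(16)

def same_ids_across_sessions(factory_fn, n=5):
    """True if two independent sessions produce the same first n ids,
    i.e. an attacker can predict the id of e.g. the first roster get."""
    a, b = factory_fn(), factory_fn()
    return [a() for _ in range(n)] == [b() for _ in range(n)]

class IqTracker:
    """Tracks outstanding iq requests and validates incoming results."""

    def __init__(self, make_id):
        self.make_id = make_id
        self.pending = {}  # iq id -> JID the request was addressed to

    def send(self, to, query_ns):
        iq_id = self.make_id()
        self.pending[iq_id] = to
        return {"type": "get", "to": to, "id": iq_id, "query": query_ns}

    def accept(self, stanza):
        """Accept a result only when the id is pending AND 'from' matches the
        original 'to'; a guessed id alone is then not enough to spoof a reply."""
        iq_id = stanza.get("id")
        expected_from = self.pending.get(iq_id)
        if expected_from is None or stanza.get("from") != expected_from:
            return False
        del self.pending[iq_id]  # each id is answered at most once
        return True
```

The sender check is what limits the damage of a guessed id; as the post notes, neither measure helps against an attacker who can read the ids off the wire.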
