Changes between Version 20 and Version 21 of PlainTextPasswords


Ignore:
Timestamp:
08/08/15 21:40:25 (20 months ago)
Author:
mmcco
Comment:

trivial cleanup

Legend:

Unmodified
Added
Removed
Modified
  • PlainTextPasswords

    v20 v21  
    9898Then don't save your passwords in Pidgin or Finch.  As noted above, not saving the password is the default behavior.  This is another instance of "if someone else can access your files and you can't trust them not to misuse stored sensitive data, don't store the sensitive data."  Besides, you have to log in to your operating system anyway; it's not really going to kill you to have to type the same password one more time.
    9999
    100 == DIGEST-MD5 in Jabber/XMPP ==
     100== Hash-based SASL in Jabber/XMPP ==
    101101
    102102[https://xmpp.org/rfcs/rfc3920.html#security-mandatory RFC 3920] requires that Jabber/XMPP servers implement SASL DIGEST‑MD5 authentication method. This allows clients (and servers) to not store the password in plain-text but instead store cryptographic hash (MD5) of user name, domain and password. If the password is strong this makes nearly impossible for an attacker to recover the password.
     
    107107- When server stops supporting DIGEST‑MD5 authentication (but still provide other password-based), Pidgin will have to ask for password.
    108108
    109 Currently (as of 2008) Pidgin does not store the hash. elb: "I would accept a good patch to implement that"
     109Patches that add support to store only password hashes are welcome.
    110110
    111111As of 2010, the draft version of the next XMPP standard specifies [https://tools.ietf.org/html/rfc5802 SCRAM-SHA-1] as the mandatory-to-implement mechanism, replacing DIGEST-MD5, though not all servers support it currently.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!