[JDEV] JabberCOM and 0k authorization

David Waite dwaite at jabber.com
Mon Dec 11 17:12:50 CST 2000


If you are storing passwords in the DB server side unencrypted, then 0k
does not buy you anything. 0k is short for 'zero knowledge', where
neither the server nor client knows the password. Very useful for
environments where you just plain can't trust that passwords can be
stored unencrypted.

Trying to support 0k internally, you would just end up doing lots of
hashes on both sides for nothing.

Actually moving to 0k - you would want to store a hash, a token, and a
counter.

-David Waite

Lubos Pochman wrote:

> The new JabberCOM uses jabber:iq:auth:0k when connection is being
> established using jatPlainText JabberAuthType.
>
> We are storing passwords in the DB on server side
> (we have our own DB based xdb module) in plain unencrypted form.
>
> How do I convert plain string from and to the 0k encryption?
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Lubos Pochman, AudienceBank Media, Inc.,
> 357 S.McCaslin Blvd, Suite #224, Louisville, CO 80027
> phone: (303)926-4929, email: nospam_lubosp at desktopdollars.com
> http://www.audiencebank.com
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
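
An added example, not part of the original message and not JabberCOM or Jabber server code: a generic S/Key-style hash chain showing what a server record of "a hash, a token, and a counter" looks like and why it holds no password. The SHA-1 choice, the function names and the exact chaining are assumptions; the jabber:iq:auth:0k wire computation is not given on this page.

```python
import hashlib
import hmac
import secrets


def h(text: str) -> str:
    # SHA-1 hex digest; the hash function is an assumption for this sketch.
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def chain(password: str, token: str, rounds: int) -> str:
    # Base value binds the password to a per-account token (salt),
    # then the result is hashed `rounds` more times.
    value = h(h(password) + token)
    for _ in range(rounds):
        value = h(value)
    return value


def enroll(password: str, sequence: int = 500) -> dict:
    # Done once, client side or at registration. Only the end of the
    # chain is stored; the password itself never enters the record.
    token = secrets.token_hex(4)
    return {"hash": chain(password, token, sequence),
            "token": token, "sequence": sequence}


def client_response(password: str, token: str, sequence: int) -> str:
    # The server announces token and sequence; the client answers with
    # the chain link one step before the stored hash.
    return chain(password, token, sequence - 1)


def server_verify(record: dict, response: str) -> bool:
    if record["sequence"] <= 0:
        return False  # chain used up: the account must be re-enrolled
    # Hashing the response once must reproduce the stored hash.
    if not hmac.compare_digest(h(response), record["hash"]):
        return False
    # Roll the record back one link so this response cannot be replayed.
    record["hash"] = response
    record["sequence"] -= 1
    return True
```

If the server also keeps the plaintext password next to this record, the chain adds nothing, which is the point made in the reply above.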




