[JDEV] Jabber server 1.2

mark at mjwilcox.com mark at mjwilcox.com
Mon Nov 6 21:17:05 CST 2000


On 6 Nov 00, at 16:48, Dennis Noordsij wrote:


> > It's kinda all bad - if you are passing a hash of the password around, you
> > get rid of the benefit of it being a hash in the first place (easily
> > replayable, original password never required so the hash basically takes
> > its place and becomes the 'new' plaintext password).
> > 
> > Look up 0k auth. I posted a message a few days ago about it (although
> > I swear I can never remember its formal name :))
> 
> Hmmm.. the thing is that the LDAP dbase already exists and I am not sure 
> how the passwords are hashed (that's my friend's department), all I 

Already been down this path (I'm the author of the xdb_ldap module 
for Jabber 1.0). Forget about digest authentication. For digest 
authentication to work in jabber, you must have access to the 
plaintext password because the digest is computed by hashing the 
password & the session ID & then recomputing on the server. 

I'm starting to work on LDAP for Jabber 1.2. I'm trying to decide 
between keeping it in C (yuck), or putting it in Perl (or Python) or even 
Java.

If there's a need out there for this (and a preference), send me a 
note at mark at mjwilcox.com. Or drop me a note on Jabber at 
mewilcox at jabber.org

> imagine is that it likely is irreversible. I am not worried about 
> sniffing or anything like that, just the fact that I might not be able 
> to reverse already hashed passwords.

If you can reverse an already hashed password, then it's not a hash 
(or at least a poorly designed hash). Jabber uses SHA-1, which is a 
cryptographically secure hash. The hash is designed to be one-way, 
not encrypted (which implies decryption).

Mark

> 
> > last I heard, 1 MB was the max size before the server just hung up on you.
> > If karma is turned on with default settings, it will take quite a while
> > (I thought more than a day) to get a message up this high without being
> > throttled.
> > 
> > streaming a message through is impossible since it is basically generating
> > a DOM tree per message packet, and using that as the basis of any routing
> > at all.  Also, if it was client->server->client, it wouldn't be able to
> > stream to the other client, if the first client got hung up midstream, the
> > second client would be stuck with an invalid XML stream and would be forced
> > to disconnect as well.
> 
> I was looking at implementing jabberd for routing all sorts of messages, 
> but I guess a more sane approach is to use the jabber protocol for 
> control messages etc, doing the actual transfer of large objects 
> directly client to client. Jabber would be very well suited for that.
> 
> 
> Thanks for your reply!
> Kind regards,
> Dennis
> 
> > -David Waite
> > 
> > 
> > _______________________________________________
> > jdev mailing list
> > jdev at jabber.org
> > http://mailman.jabber.org/listinfo/jdev


Mark Wilcox
mark at mjwilcox.com
Got LDAP?
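The digest scheme Mark describes above, worked through as an added example (this is not code from the thread, from jabberd or from xdb_ldap): the client sends hex SHA-1 over the stream (session) id followed by the plaintext password, and only a server that holds the plaintext can recompute it. The stream ids and password below are constructed sample values.

```python
import hashlib
import hmac


def jabber_digest(stream_id: str, password: str) -> str:
    # Jabber 1.x digest auth: hex SHA-1 of the stream (session) id with the
    # plaintext password appended. The client sends this instead of the password.
    return hashlib.sha1((stream_id + password).encode("utf-8")).hexdigest()


def verify_with_plaintext(stream_id: str, presented: str, stored_plaintext: str) -> bool:
    # A server that stores the plaintext password recomputes the digest and
    # compares in constant time. This is why the LDAP backend needs the plaintext.
    expected = jabber_digest(stream_id, stored_plaintext)
    return hmac.compare_digest(expected, presented)


def verify_with_password_hash(stream_id: str, presented: str, stored_hash: str) -> bool:
    # A directory that stores only SHA-1(password) cannot recover the password
    # (the hash is one-way), so the best it can do is hash the stream id with
    # the stored hash. That never equals the client's digest, so digest auth
    # cannot work against a store that holds only hashed passwords.
    attempt = hashlib.sha1((stream_id + stored_hash).encode("utf-8")).hexdigest()
    return hmac.compare_digest(attempt, presented)


# Constructed sample values (not taken from the thread).
STREAM_ID = "3B9A7F0E"
PASSWORD = "correct horse"
STORED_HASH = hashlib.sha1(PASSWORD.encode("utf-8")).hexdigest()


def demo() -> dict:
    digest = jabber_digest(STREAM_ID, PASSWORD)
    return {
        "plaintext_store_accepts": verify_with_plaintext(STREAM_ID, digest, PASSWORD),
        "wrong_password_rejected": not verify_with_plaintext(STREAM_ID, digest, "wrong"),
        # The digest is bound to the stream id, so a digest captured in one
        # session is not reusable in a later one (unlike a bare password hash
        # passed around as a credential, which is replayable).
        "replay_in_new_session_rejected": not verify_with_plaintext("D2C41A77", digest, PASSWORD),
        "hashed_store_accepts": verify_with_password_hash(STREAM_ID, digest, STORED_HASH),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```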
