[JDEV] Passwords, zero-K and storage

[Oliver Wing]

> > If someone really wants passwords to be
secure, they need to use a secure
> > method of account registration,
authentication, and renewal in the case of 0k.
>
> Yes, this seems to be the weakspot of 0k in
general, the user-initiated
> password setting and changing...

I've never been too hot on the 0k stuff, but
surely setting new passwords could be sequenced as
requested in the initial jabber:iq:auth query when
sent, therefore going in a hashed way rather than
as plain-text, keeping the plain-text off the
wire?

--
Oliver Wing