[JDEV] Account information storage, plaintext?

Michael Brown michael at aurora.gen.nz
Tue Sep 16 06:27:57 CDT 2003 

From: "Richard Dobson"
> > > > The use of a two way algorithm would still require the user do more
> > > > than cat the file to find the password.  Why should we make it as
> > > > easy as possible for people (admins or not) to find out other
> > > > people's passwords?  If anything we should be taking every possible
> > > > step to do exactly the opposite.
> > >
> > > Because as already mentioned transports simply wont work if you cannot
> > > obtain the original plaintext password, also current authentication
> > > schemes will not work either, and as ive already said it makes it very
> > > difficult to integrate jabber into an existing system if you cannot
> > > get at the plaintext password.
> >
> > Please reread my statement.  I referenced the use of a two way
> > algorithm, not a one way.  A two way algorithm would allow the
> > transports and server access to the original plaintext password.
>
> I did, I was reading the statement "Why should we make it as easy as
> possible for people (admins or not) to find out other people's
passwords?",
> which I read as meaning that we should be using one way hashes and not two
> way encryption.

Ok - at the risk of getting into the middle of what looks like becoming a
flamewar, maybe I can sum up by saying/asking:

1) No one here is saying that it is possible/practical to use one way hashes
to store the passwords required by transports on the server.  (No more
explanations of how hashes work, or why one-way encryption won't are
required!)

2) Everyone acknowledges that these passwords aren't going to be 100%
secure, esp as they are usually required to be sent in plain text to the
server (which is Bad (tm)).  You have to trust your server admin etc etc.

3) Some people on the list - myself included - cannot understand why a
simple *two way* encryption method isn't employed so that, at the very
least, the passwords aren't as easily human readable/recognisable.  (If
there is a good reason, please explain this!)

4) It is acknowledged that a) the server will need to translated/send these
passwords in plain text, b) integration with other apps may require password
*stored* in plain text. (But please explain if there is a good reason why
this should be the default)

Thanks!

Michael.

More information about the JDev mailing list