[jdev] sniffing

Alexey Nezhdanov snake at penza-gsm.ru
Wed Oct 27 02:56:43 CDT 2004


On Wednesday 27 October 2004 11:48, Alex Kogan wrote:
> Hi everyone,
>
> I'm new to this mailing list. And I have a question to all Jabber
> developers concerning security issues. I'm working on a Jabber-like
> protocol for one-to-many chatting, it will be simpler and used for
> local needs mostly. I'm writing a server in PHP and would like to
> find the best way to protect communication in this protocol from
> sniffing. Is this possible? I was reading through the Jabber RFC and
> it seems that I should look deeper into the TLS and SASL issues.
TLS provides an extra crypto layer, so all data passed back and forth will be
protected - just as if you were working via SSH, for example.
> However, I was not able to get the idea of how these security issues
> work in practice. Can you help me by giving practical advice on
> implementing client-server communication which is somehow encrypted
> and still possible to read for server/client and
> sniffing-protected at the same time? I also had a look into
> class.jabber.php and its SendAuth() method, but again, I failed to
> get the idea of md5() encoding. Is the whole conversation encoded
> further?
The old auth uses an MD5 method for authentication. The password is not
decodable - the info provided is just enough for auth only.
>
> Thank you. Hoping you can help me, at least show the right direction
> for me.
You should really consider using TLS.

And, BTW - why not use Jabber for it? It has support for one-to-many chat. It
is called Multi-User Chat (JEP-0045).

-- 
Respectfully
Alexey Nezhdanov
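
Added example (not part of the original message, and not code from class.jabber.php): a digest challenge-response in PHP showing what the reply describes, that the digest is enough to authenticate without exposing the password, while the chat text itself stays readable unless the connection is wrapped in TLS. All function names, the transcript format and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example; every name and value here is hypothetical, not Jabber's wire format.

// Server: fresh random challenge per connection, so a captured digest cannot be reused.
function new_challenge(): string {
    return bin2hex(random_bytes(16));
}

// Client: send hash(challenge . password) instead of the password itself.
// 'md5' is the default only because the thread mentions md5(); any hash() algorithm works.
function make_digest(string $challenge, string $password, string $algo = 'md5'): string {
    return hash($algo, $challenge . $password);
}

// Server: recompute from the stored password and compare in constant time.
function verify_digest(string $challenge, string $password, string $digest, string $algo = 'md5'): bool {
    return hash_equals(make_digest($challenge, $password, $algo), $digest);
}

$password  = 'correct horse battery';   // constructed sample secret
$challenge = new_challenge();
$digest    = make_digest($challenge, $password);

// Constructed transcript of what crosses a plain (non-TLS) TCP connection.
$chat = 'meet at 10 in room 4';
$wire = [
    "S: challenge=$challenge",
    "C: digest=$digest",
    "C: message=$chat",                  // chat text is outside the digest
];

// What a passive observer of $wire can and cannot read.
$passwordVisible = false;
$chatVisible = false;
foreach ($wire as $line) {
    $passwordVisible = $passwordVisible || strpos($line, $password) !== false;
    $chatVisible     = $chatVisible     || strpos($line, $chat) !== false;
}

printf("login accepted:            %s\n", var_export(verify_digest($challenge, $password, $digest), true));
// The same digest presented on a later connection meets a different challenge.
printf("replayed digest accepted:  %s\n", var_export(verify_digest(new_challenge(), $password, $digest), true));
printf("password visible on wire:  %s\n", var_export($passwordVisible, true));
printf("chat text visible on wire: %s\n", var_export($chatVisible, true));
```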



