[jdev] sniffing
Trejkaz Xaoza
trejkaz at xaoza.net
Wed Oct 27 06:59:35 CDT 2004
On Wed, 27 Oct 2004 18:14, Justin Karneges wrote:
> On Wednesday 27 October 2004 12:56 am, Alexey Nezhdanov wrote:
> > On Wednesday 27 October 2004 11:48, Alex Kogan wrote:
> > > However, I was not able to get the idea of how these security issues
> > > work in practice. Can you help me by giving practical advice on
> > > implementing client-server communication which is somehow encrypted
> > > and still be possible to read for server/client and
> > > sniffing-protected at the same time? I also had a look into
> > > class.jabber.php and its SendAuth() method, but again, I failed to
> > > get the idea of md5() encoding. Is the whole conversation encoded
> > > further?
> >
> > Old auth uses the md5 method for authentication. The password is not
> > decodable - the provided info is just enough for auth only.
>
> Was there an older authentication method that used MD5? I'm only aware of
> the old iq:auth, which uses SHA1. The modern auth is SASL-based.
The DIGEST-MD5 mechanism of SASL is compulsory, AFAIK. So there is a _modern_
authentication method that uses MD5. :-)
TX
--
Email: Trejkaz Xaoza <trejkaz at xaoza.net>
Web site: http://xaoza.net/
Jabber ID: trejkaz at jabber.xaoza.net
GPG Fingerprint: 9EEB 97D7 8F7B 7977 F39F A62C B8C7 BC8B 037E EA73
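
The two digests named in this thread, as an added example that is not part of the original message or of class.jabber.php: the legacy jabber:iq:auth digest (hex SHA-1 of stream id plus password) with a constant-time server-side check, and the SASL DIGEST-MD5 response as defined in RFC 2831 for qop=auth. Function names are hypothetical; both values only prove knowledge of the password and do not encrypt the rest of the stream.

```python
import hashlib
import hmac


def iq_auth_digest(stream_id: str, password: str) -> str:
    """Legacy jabber:iq:auth digest: hex SHA-1 over stream id + password."""
    return hashlib.sha1((stream_id + password).encode("utf-8")).hexdigest()


def verify_iq_auth(stream_id: str, stored_password: str, received: str) -> bool:
    """Server side: recompute with this stream's id, compare in constant time.
    A digest sniffed from another stream fails because the stream id differs."""
    expected = iq_auth_digest(stream_id, stored_password)
    return hmac.compare_digest(expected, received.lower())


def digest_md5_response(username, realm, password, nonce, cnonce,
                        digest_uri, nc="00000001", qop="auth") -> str:
    """SASL DIGEST-MD5 'response' value (RFC 2831, qop=auth, no authzid).
    Simplification (assumption): all strings are encoded as UTF-8."""
    # A1 = raw 16-byte MD5(user:realm:pass) followed by ":nonce:cnonce"
    secret = hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()
    a1 = secret + f":{nonce}:{cnonce}".encode()
    # A2 binds the response to the service being authenticated to
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    # KD(k, s) = MD5(k ":" s); nonce, nc and cnonce make each response unique
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(kd.encode()).hexdigest()


if __name__ == "__main__":
    # Constructed sample values for the legacy digest
    d = iq_auth_digest("3EE948B0", "example-password")
    print("iq:auth digest:", d)
    print("same stream  :", verify_iq_auth("3EE948B0", "example-password", d))
    print("replayed     :", verify_iq_auth("7F00A1C2", "example-password", d))
    # Sample exchange values from RFC 2831
    print("DIGEST-MD5   :", digest_md5_response(
        "chris", "elwood.innosoft.com", "secret",
        "OA6MG9tEQGm2hh", "OA6MHXh6VqTrRk", "imap/elwood.innosoft.com"))
```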