[jdev] Alternate MUC Authentication Mechanisms
Alex Milowski
alex at milowski.org
Thu Oct 21 16:52:30 CST 2010
On Thu, Oct 21, 2010 at 2:50 PM, Dave Cridland <dave at cridland.net> wrote:
>
> But in these cases, the attacker can not only read, but spoof, traffic. In
> which case they can at least insert traffic of their choosing into a
> session.
>
> Also, if they have the challenge and response in the clear, they can perform
> a dictionary attack offline.
>
> I suspect you're way past hashing the room's secret and well into at least
> signing stanzas (and having a provisioning step for certificates,
> optionally), if not encrypting them.
I feel like we're going around in circles here. There are plenty of
reasons why digest/challenge-based authentication would be more secure
than clear-text passwords. The MUC specification [1] doesn't define
these. What I'm after is how something like simple DIGEST
authentication should be discovered and implemented and not really a
debate about its relative value. I find it a valuable additional
layer and I suspect I wouldn't be alone.
There have been two different proposals--one using iq and one using
presence--that seem quite straightforward. I prefer the presence
stanza based method.
In totality, I also want a MUC room where the password isn't shared.
I don't see anything in the specification that says that a MUC room
service can't be pre-configured with a certain number pre-registered
room members each of whom has their own set of credentials.
[1] http://xmpp.org/extensions/xep-0045.html#security
--
--Alex Milowski
"The excellence of grammar as a guide is proportional to the paucity of the
inflexions, i.e. to the degree of analysis effected by the language
considered."
Bertrand Russell in a footnote of Principles of Mathematics
More information about the JDev
mailing list