[jdev] Alternate MUC Authentication Mechanisms
Alex Milowski
alex at milowski.org
Thu Oct 21 19:25:06 CST 2010
On Thu, Oct 21, 2010 at 5:05 PM, Kurt Zeilenga <Kurt.Zeilenga at isode.com> wrote:
>
> On Oct 21, 2010, at 4:32 PM, Alex Milowski wrote:
>>
>> For many of these mechanisms to work properly, you need a challenge
>> from the service (the room service in this case) that contains,
>> amongst other things, a nonce from the service. I think the
>> additional chatter can't be avoided.
>
> My suggestion, with or without timestamp, avoids it.
I hash without a nonce from the server is just insufficient.
--
--Alex Milowski
"The excellence of grammar as a guide is proportional to the paucity of the
inflexions, i.e. to the degree of analysis effected by the language
considered."
Bertrand Russell in a footnote of Principles of Mathematics
More information about the JDev
mailing list