[jitsi-dev] SCRAM


#1

Hi list!

I would just like you all to take a moment to look at
https://igniterealtime.org/issues/browse/SMACK-398

I find it disappointing that a popular client like Jitsi does not do
SCRAM-SHA-1 (or -PLUS). It's mandatory to implement per RFC 6120. Any
service that does not want to store passwords in plain text end up
forcing their users to send their passwords in plain text over the wire
instead.

There's a nice writeup on the issue here:
https://prosody.im/doc/plain_or_hashed

Please, at least vote for the issue.

Thanks.

ยทยทยท

--
Kim "Zash" Alvefur
Prosody developer