I would just like you all to take a moment to look at
I find it disappointing that a popular client like Jitsi does not do
SCRAM-SHA-1 (or -PLUS). It's mandatory to implement per RFC 6120. Any
service that does not want to store passwords in plain text end up
forcing their users to send their passwords in plain text over the wire
There's a nice writeup on the issue here:
Please, at least vote for the issue.
Kim "Zash" Alvefur