Not logged in. · Lost password · Register
Forum: MatriX and XmppDotNet RSS
Saving passwords securely
Avatar
johnm60 2010-08-03, 10:07 #1
Member since Jun 2010 · 32 posts
Group memberships: Members
Show profile · Link to this post
Subject: Saving passwords securely
Hi

Matrix appears to use DIGEST-MD5 when sending passwords to the server. I would like my application to store the user's password in a configuration file after the user has first logged-on to make it easier for the user later.

Is it a realistic approach to store the MD5 hash of the password in the configuration file, so that I do not have clear text password or have to do some other encryption and decryption mechanism?

Does Matrix expose its hashing mechanism so that I could save its hash of the password in the configuration file?

Regards
John
Avatar
Alex 2010-08-03, 12:07 #2
Member since Feb 2003 · 4449 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Which SASL mechanism will be used depends on the supported SASL mechanisms on your server. The next version will also support SCRAM-SHA-1 which will be default in your MLink setup then.

Right now MatriX needs the plain password in the password property. In theory with some SASL mechanisms it would be possible to store a hash, but when you set the properties of the connection I don't which SASL mechanisms are supported by your server yet.

I suggest to encrypt the plain password in your storage with an appropriate crypto algorithm.

Alex
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:

Forum: MatriX and XmppDotNet RSS