We just changed the Prosody authentication provider module to hashed SCRAM-SHA-1 passwords.
You most probably will not notice anything. But if your client does not support SCRAM-SHA-1 the password will be sent in plain, not DIGEST-MD5 like until now. So be sure you only use a TLS/SSL connection to the server to protect the password (and also all your other XMPP data like chat messages) inside an encrypted data stream. Some clients might show a warning that DIGEST-MD5 is not longer available on the server.
The next time you log in the password will be automaticly hashed with SCRAM-SHA-1 mechanism.
Related Posts:
- Jabber/XMPP Privacy Policy The Hot-Chilli team is committed to the privacy and security of your data on our servers. This includes all Internet…
- Account You can use our web based tools to register an account, change and reset the password for an account, add…
- Server Specs The Hot-Chilli Instant Messaging service is a node on the open Jabber network, based on XMPP, the open standard for…
- Jabber Hosting Own Jabber domains We offer you the chance to run Jabber/XMPP accounts with your own domain. You could have identical…
- We support OMEMO! A few days ago Daniel Gultsch added the column XEP-0384: OMEMO Encryption to his compliance list. It suggested that only…
