Hashed passwords for Prosody

We just changed the Prosody authentication provider module to hashed SCRAM-SHA-1 passwords.

You most probably will not notice anything. But if your client does not support SCRAM-SHA-1 the password will be sent in plain, not DIGEST-MD5 like until now. So be sure you only use a TLS/SSL connection to the server to protect the password (and also all your other XMPP data like chat messages) inside an encrypted data stream. Some clients might show a warning that DIGEST-MD5 is not longer available on the server.

The next time you log in the password will be automaticly hashed with SCRAM-SHA-1 mechanism.

Leave a Reply

Your email address will not be published. Required fields are marked *

To respond on your own website, enter the URL of your response which should contain a link to this post's permalink URL. Your response will then appear (possibly after moderation) on this page. Want to update or remove your response? Update or delete your post and re-enter your post's URL again. (Learn More)