FAQ: Why does psyced store passwords in the clear?

Because it needs the password itself to be able to calculate hashes, so that passwords never have to be transferred over the wire in the clear. This allows for SASL and equivalent authentication strategies.

Storing hashes on the server instead would require users to always transmit the password over the wire in the clear. Since in many cases you would use transport layer encryption to wrap such a transmission, this may be acceptable. psyced could provide a tuning that enables such behaviour. Doing so would disable SASL compliance as expected by Jabber clients.
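
The trade-off above, as an added Python sketch that is not psyced code: a generic nonce-based HMAC challenge-response stands in for the SASL-style mechanisms the FAQ mentions. All class and function names are hypothetical and the password is a constructed sample.

```python
import hashlib
import hmac
import secrets

def response(password: str, nonce: bytes) -> str:
    """Client side: prove knowledge of the password without sending it."""
    return hmac.new(password.encode(), nonce, hashlib.sha256).hexdigest()

class CleartextServer:
    """Keeps the password itself, so it can recompute the client's response."""
    def __init__(self):
        self.passwords = {}
    def register(self, user, password):
        self.passwords[user] = password
    def login(self, user, nonce, resp):
        expected = response(self.passwords[user], nonce)
        return hmac.compare_digest(expected, resp)

class HashedServer:
    """Keeps only a salted hash: it can check a password, not a response."""
    def __init__(self):
        self.records = {}
    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.records[user] = (salt, self._kdf(password, salt))
    def login(self, user, password):
        salt, digest = self.records[user]
        return hmac.compare_digest(self._kdf(password, salt), digest)

def wire_traffic(password="correct horse"):  # constructed sample password
    """Return what crosses the wire under each storage strategy."""
    clear, hashed = CleartextServer(), HashedServer()
    clear.register("alice", password)
    hashed.register("alice", password)
    nonce = secrets.token_bytes(16)       # server -> client: fresh challenge
    resp = response(password, nonce)      # client -> server: keyed digest only
    ok_cr = clear.login("alice", nonce, resp)
    ok_pw = hashed.login("alice", password)  # client -> server: the password
    return {"challenge_response": [nonce.hex(), resp],
            "hashed_store": [password],
            "both_accepted": ok_cr and ok_pw}
```

With the hashed store the server has nothing it can key the HMAC with, so the only login it can offer is one where the password itself is sent, which is why the FAQ pairs that option with transport layer encryption.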
