I have been searching for an answer to this question, and I have been unable to find a complete answer.
So here I am!
Ok, so first question:
I know that Openfire encrypts user passwords when storing them in the database. I know how it encrypts the passwords.
What I am not entirely clear on is why.
Now, I should say, I understand why if the account needs to authenticate to an outside server, such as with Kraken. But if the account is for the Openfire chat server, why am I stuck encrypting instead of doing a secure hash?
This leads into my second question.
Given that no user account on my Openfire implementation will ever need to authenticate to any system outside of Openfire, is there any method already built into Openfire to allow me to store their passwords as secure one-way hashes instead of encrypting them?