Category Archives: Features

Prosody stores hashed passwords

Recently Prosody gained the ability to store passwords in a hashed form.
With the upcoming upgrade next weekend this feature will be enabled.

It’s an important change as a possible attacker wouldn’t be able to look at users passwords anymore even if he gained access to the server.

This is possible due to a new authentication mechanism called SCRAM. For the best possible security use a client that supports SCRAM (such support is already being added to most of the popular clients). In the meantime Prosody will allow clients to use the standard PLAIN mechanism, and perform the SCRAM calculations on the server side.

The code has been contributed by jefferai, thanks!

Update: Done 🙂

Hello Spectrum

For some time now Spectrum made itself a name for being a fast and reliable transport between XMPP and “legacy networks”. After moving from ejabberd to Prosody XMPP-wise, switching away from the python based transport has been a task on our to-do list for far too long.

The most visible differences for end-users will be another domain being used and more choice in regard to supported protocols. Namely aim gg icq irc msn qq simple xmpp and yahoo. The current transports located at “” will be available under “” along with the new ones in the future. The necessary changes in your roster are being done automatically and should not result in more than a short disconnect.

Update: The migration has been completed successfully. In some cases users may ended up with the wrong encoding for their country. If you should experience problems please contact us in (webchat).

Update 2: We currently experience a problem where the transport suddenly stops reacting. Spectrum’s development team has been informed and we expect a fix by the end of the week. If you notice connection problems, please use the chatroom mentioned above to let us know.

Privacy Lists are available now, Prosody 0.6 soon will be

Today we enabled a module (mod_privacy) which implements XEP-0016 in Prosody.

This specification defines an XMPP protocol extension for enabling or disabling communication with other entities on a network. The protocol, which was first standardized in Section 10 of RFC 3921, can be used to block communication with unknown or undesirable entities. Blocking can be based on Jabber Identifier, subscription state, or roster group. The blocked stanzas can be messages, IQs, inbound or outbound presence stanzas, or all stanzas. The protocol also enables an entity to create, modify, or delete its privacy lists, apply different lists to different connected resources, define a default list, and decline the use of any privacy list during a particular communications session.

We thank Thilo Cestonaro for his work, he is currently working on mod_proxy65 (implementing XEP-0065, supposed to ease filetransfers), which is likely to be followed by a logging plugin. It will enable MUC owners to enable logging for their room.

But not only are there more and more plugins contributed by the growing Prosody community, Prosody itself is close to a release candidate of version 0.6.
As always it will include a lot of bug fixes as well as major new features, this time including S2S TLS support.