Changes

m
no edit summary
Line 118: Line 118:       −
== Implement SCRAM-SHA-1 ==
+
== Implement SCRAM-SHA-1 / SCRAM-SHA-256 / SCRAM-SHA-512 / SCRAM-SHA3-512 ==
    
=== Description ===
 
=== Description ===
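Review bot: renaming the section heading from "Implement SCRAM-SHA-1" changes the section anchor, so existing links to #Implement_SCRAM-SHA-1 will no longer land on this section. Consider a heading that does not have to change each time a hash is added (for example "Implement SCRAM"), or keep an anchor for the old name. The edit also changes the recommendation itself, so it should carry an edit summary and not be flagged as minor.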
Line 124: Line 124:  
Do '''not''': Implement DIGEST-MD5 or CRAM-MD5. These mechanisms only work if the server has access to the plain password.
 
Do '''not''': Implement DIGEST-MD5 or CRAM-MD5. These mechanisms only work if the server has access to the plain password.
   −
Do: Implement SCRAM-SHA-1 and PLAIN.
+
Do: Implement SCRAM-SHA-1 / SCRAM-SHA-256 / SCRAM-SHA-512 / SCRAM-SHA3-512 and PLAIN.
    
=== Rationale ===
 
=== Rationale ===
   −
Hashing and salting passwords helps making it hard to retrieve the plain password from a compromised server. However, we would also like to be able to protect the password while it is in transit. These two concepts are difficult to combine: DIGEST-MD5 and CRAM-MD5 only protect the password in transit – the mechanisms can't work if the server wants to store the password hashed and salted. SCRAM-SHA-1 fixes that and supports both hashed storage and hashed transmission.
+
Hashing and salting passwords helps making it hard to retrieve the plain password from a compromised server. However, we would also like to be able to protect the password while it is in transit. These two concepts are difficult to combine: DIGEST-MD5 and CRAM-MD5 only protect the password in transit – the mechanisms can't work if the server wants to store the password hashed and salted. SCRAM fixes that and supports both hashed storage and hashed transmission.
   −
While it would be nice to deprecate PLAIN, it is still needed for servers who use a different hashing mechanism than SCRAM-SHA-1 needs.
+
While it would be nice to deprecate PLAIN, it is still needed for servers who use a different hashing mechanism than SCRAM needs.
   −
See [[SASL and SCRAM-SHA-1(-PLUS) / SCRAM-SHA-256(-PLUS)]] for help with implementing SCRAM-SHA-1.
+
See [[SASL and SCRAM-SHA-1(-PLUS) / SCRAM-SHA-256(-PLUS) / SCRAM-SHA-512(-PLUS)]] for help with implementing SCRAM-SHA-1 / SCRAM-SHA-256 / SCRAM-SHA-512 / SCRAM-SHA3-512.
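Review bot: in the "Do:" line the slash-separated list does not say whether an implementation must support all four mechanisms or any one of them, and it gives no preference order; state the minimum set and which mechanism to prefer when several are offered. In the "See [[...]]" line the link target names only SCRAM-SHA-1, SCRAM-SHA-256 and SCRAM-SHA-512, while the rest of the sentence promises help with SCRAM-SHA3-512 as well, so either the target page or the sentence needs adjusting, and the renamed target should be checked to exist. The link also names the -PLUS variants, which the "Do:" line does not mention.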