Difference between revisions of "SASL Authentication and SCRAM"

Jump to navigation Jump to search

SASL Authentication and SCRAM (view source)

Revision as of 07:06, 16 August 2022

855 bytes removed ,  07:06, 16 August 2022
m
no edit summary
m
m
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== State of Play ==
Go here: https://github.com/scram-xmpp/info/issues/1
== Introduction ==
== Introduction ==
=== SCRAM-SHA-1(-PLUS) ===
=== SCRAM-SHA-1(-PLUS) ===
Line 11: Line 8:
Its main benefits are in offering both a method to salt and hash the password in storage and in transit. This page aims to give a short introduction on how to implement it in a client.
Its main benefits are in offering both a method to salt and hash the password in storage and in transit. This page aims to give a short introduction on how to implement it in a client.


With changes from TLS 1.2 to TLS 1.3, an Internet-Draft is in progress for TLS Binding and TLS 1.3: [https://tools.ietf.org/html/draft-ietf-kitten-tls-channel-bindings-for-tls13 Channel Bindings for TLS 1.3: draft-ietf-kitten-tls-channel-bindings-for-tls13].
With changes from TLS 1.2 to TLS 1.3, an RFC has been done: [https://tools.ietf.org/html/rfc9266 RFC9266: Channel Bindings for TLS 1.3].


=== SCRAM-SHA-256(-PLUS) ===
=== SCRAM-SHA-256(-PLUS) ===
Line 30: Line 27:
* Servers: DJabberd 0.90+, Erlang Solutions MongooseIM 3.7+, Isode M-Link, Jackal IM, Metronome IM, ProcessOne ejabberd 20.12+, Tigase XMPP Server 8.0+
* Servers: DJabberd 0.90+, Erlang Solutions MongooseIM 3.7+, Isode M-Link, Jackal IM, Metronome IM, ProcessOne ejabberd 20.12+, Tigase XMPP Server 8.0+
* Clients: Conversations, CoyIM, eyeCU, KDE Kaidan, Miranda NG, Psi/Psi+ (with QCA), Tigase Stork IM, Vacuum IM
* Clients: Conversations, CoyIM, eyeCU, KDE Kaidan, Miranda NG, Psi/Psi+ (with QCA), Tigase Stork IM, Vacuum IM
* Libraries: cr-xmpp, liangdefeng/Sharp.Xmpp.Client, libstrophe, QXmpp, Tigase JaXMPP, Wocky, processone/xmpp
* Libraries: cr-xmpp, liangdefeng/Sharp.Xmpp.Client, libstrophe, processone/xmpp, python-nbxmpp, QXmpp, Tigase JaXMPP, Wocky, processone/xmpp


Others:
Others:
Line 214: Line 211:
Server's server signature (hex): <code>ae617da6a57c4bbb2e0286568dae1d251905b0a4</code>
Server's server signature (hex): <code>ae617da6a57c4bbb2e0286568dae1d251905b0a4</code>


== SCRAM-SHA-256(-PLUS) ==
== Further Reading ==
 
Possibly, also adding [https://tools.ietf.org/html/rfc7677 RFC7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Security Layer (SASL) Mechanisms]
 
=== Overview ===
 
=== In detail ===
 
=== Extras ===
 
=== Common pitfalls ===
 
=== Test vectors ===
 
== SCRAM-SHA-512(-PLUS) ==
 
Possibly, also adding [https://tools.ietf.org/html/draft-melnikov-scram-sha-512 SCRAM-SHA-512 and SCRAM-SHA-512-PLUS Simple Authentication and Security Layer (SASL) Mechanisms: draft-melnikov-scram-sha-512]
 
=== Overview ===
 
=== In detail ===
 
=== Extras ===
 
=== Common pitfalls ===
 
=== Test vectors ===
 
== SCRAM-SHA3-512(-PLUS) ==
 
Possibly, also adding [https://tools.ietf.org/html/draft-melnikov-scram-sha3-512 SCRAM-SHA3-512 and SCRAM-SHA3-512-PLUS Simple Authentication and Security Layer (SASL) Mechanisms: draft-melnikov-scram-sha3-512]
 
=== Overview ===
 
=== In detail ===
 
=== Extras ===


=== Common pitfalls ===
=== Channel Bindings ===
 
=== Test vectors ===
 
== Channel Bindings ==


* [https://tools.ietf.org/html/rfc5056 RFC5056: On the Use of Channel Bindings to Secure Channels]
* [https://tools.ietf.org/html/rfc5056 RFC5056: On the Use of Channel Bindings to Secure Channels]
* [https://tools.ietf.org/html/rfc5929 RFC5929: Channel Bindings for TLS]
* [https://tools.ietf.org/html/rfc5929 RFC5929: Channel Bindings for TLS]
* [https://tools.ietf.org/html/rfc9266 RFC9266: Channel Bindings for TLS 1.3]
* [https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml Channel-Binding Types]
* [https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml Channel-Binding Types]
* [https://tools.ietf.org/html/draft-ietf-kitten-tls-channel-bindings-for-tls13 Channel Bindings for TLS 1.3: draft-ietf-kitten-tls-channel-bindings-for-tls13]
== IANA ==


* [https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml Simple Authentication and Security Layer (SASL) Mechanisms]
=== Other Related Protocols ===
 
== LDAP ==


* [https://tools.ietf.org/html/draft-melnikov-scram-bis Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms: draft-melnikov-scram-bis]
* [https://tools.ietf.org/html/rfc9051 RFC9051: Internet Message Access Protocol (IMAP) - Version 4rev2]
* [https://tools.ietf.org/html/rfc5803 RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets]
* [https://tools.ietf.org/html/rfc5803 RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets]
== HTTP ==
* [https://tools.ietf.org/html/rfc7804 RFC7804: Salted Challenge Response HTTP Authentication Mechanism]
* [https://tools.ietf.org/html/rfc7804 RFC7804: Salted Challenge Response HTTP Authentication Mechanism]
 
* [https://tools.ietf.org/html/draft-ietf-kitten-scram-2fa Extensions to Salted Challenge Response (SCRAM) for 2 factor authentication: draft-ietf-kitten-scram-2fa]
== 2FA ==
* [https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml Simple Authentication and Security Layer (SASL) Mechanisms]
 
* [https://github.com/scram-sasl/info/issues/1 SCRAM-SASL State of Play]
* [https://tools.ietf.org/html/draft-melnikov-scram-2fa Extensions to Salted Challenge Response (SCRAM) for 2 factor authentication: draft-melnikov-scram-2fa]
Neustradamus
216

edits

Retrieved from "https://wiki.xmpp.org/web/Special:MobileDiff/13869...14046"

Navigation menu