216
edits
Neustradamus (talk | contribs) m |
Neustradamus (talk | contribs) m |
||
(5 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
== Introduction == | == Introduction == | ||
=== SCRAM-SHA-1(-PLUS) === | === SCRAM-SHA-1(-PLUS) === | ||
Line 11: | Line 8: | ||
Its main benefits are in offering both a method to salt and hash the password in storage and in transit. This page aims to give a short introduction on how to implement it in a client. | Its main benefits are in offering both a method to salt and hash the password in storage and in transit. This page aims to give a short introduction on how to implement it in a client. | ||
With changes from TLS 1.2 to TLS 1.3, an | With changes from TLS 1.2 to TLS 1.3, an RFC has been done: [https://tools.ietf.org/html/rfc9266 RFC9266: Channel Bindings for TLS 1.3]. | ||
=== SCRAM-SHA-256(-PLUS) === | === SCRAM-SHA-256(-PLUS) === | ||
Line 30: | Line 27: | ||
* Servers: DJabberd 0.90+, Erlang Solutions MongooseIM 3.7+, Isode M-Link, Jackal IM, Metronome IM, ProcessOne ejabberd 20.12+, Tigase XMPP Server 8.0+ | * Servers: DJabberd 0.90+, Erlang Solutions MongooseIM 3.7+, Isode M-Link, Jackal IM, Metronome IM, ProcessOne ejabberd 20.12+, Tigase XMPP Server 8.0+ | ||
* Clients: Conversations, CoyIM, eyeCU, KDE Kaidan, Miranda NG, Psi/Psi+ (with QCA), Tigase Stork IM, Vacuum IM | * Clients: Conversations, CoyIM, eyeCU, KDE Kaidan, Miranda NG, Psi/Psi+ (with QCA), Tigase Stork IM, Vacuum IM | ||
* Libraries: cr-xmpp, liangdefeng/Sharp.Xmpp.Client, libstrophe, QXmpp, Tigase JaXMPP, Wocky, processone/xmpp | * Libraries: cr-xmpp, liangdefeng/Sharp.Xmpp.Client, libstrophe, processone/xmpp, python-nbxmpp, QXmpp, Tigase JaXMPP, Wocky, processone/xmpp | ||
Others: | Others: | ||
Line 214: | Line 211: | ||
Server's server signature (hex): <code>ae617da6a57c4bbb2e0286568dae1d251905b0a4</code> | Server's server signature (hex): <code>ae617da6a57c4bbb2e0286568dae1d251905b0a4</code> | ||
== | == Further Reading == | ||
= | === Channel Bindings === | ||
== Channel Bindings == | |||
* [https://tools.ietf.org/html/rfc5056 RFC5056: On the Use of Channel Bindings to Secure Channels] | * [https://tools.ietf.org/html/rfc5056 RFC5056: On the Use of Channel Bindings to Secure Channels] | ||
* [https://tools.ietf.org/html/rfc5929 RFC5929: Channel Bindings for TLS] | * [https://tools.ietf.org/html/rfc5929 RFC5929: Channel Bindings for TLS] | ||
* [https://tools.ietf.org/html/rfc9266 RFC9266: Channel Bindings for TLS 1.3] | |||
* [https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml Channel-Binding Types] | * [https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml Channel-Binding Types] | ||
=== Other Related Protocols === | |||
== | |||
* [https://tools.ietf.org/html/draft-melnikov-scram-bis Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms: draft-melnikov-scram-bis] | |||
* [https://tools.ietf.org/html/rfc9051 RFC9051: Internet Message Access Protocol (IMAP) - Version 4rev2] | |||
* [https://tools.ietf.org/html/rfc5803 RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets] | * [https://tools.ietf.org/html/rfc5803 RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets] | ||
* [https://tools.ietf.org/html/rfc7804 RFC7804: Salted Challenge Response HTTP Authentication Mechanism] | * [https://tools.ietf.org/html/rfc7804 RFC7804: Salted Challenge Response HTTP Authentication Mechanism] | ||
* [https://tools.ietf.org/html/draft-ietf-kitten-scram-2fa Extensions to Salted Challenge Response (SCRAM) for 2 factor authentication: draft-ietf-kitten-scram-2fa] | |||
* [https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml Simple Authentication and Security Layer (SASL) Mechanisms] | |||
* [https://github.com/scram-sasl/info/issues/1 SCRAM-SASL State of Play] | |||
* [https://tools.ietf.org/html/draft- |
edits