216
edits
Difference between revisions of "SASL Authentication and SCRAM"
Jump to navigation
Jump to search
m
SASL Authentication and SCRAM (view source)
Revision as of 07:06, 16 August 2022
, 07:06, 16 August 2022no edit summary
(Remove several empty sections.) |
Neustradamus (talk | contribs) m |
||
| (2 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
== Introduction == | == Introduction == | ||
=== SCRAM-SHA-1(-PLUS) === | === SCRAM-SHA-1(-PLUS) === | ||
| Line 11: | Line 8: | ||
Its main benefits are in offering both a method to salt and hash the password in storage and in transit. This page aims to give a short introduction on how to implement it in a client. | Its main benefits are in offering both a method to salt and hash the password in storage and in transit. This page aims to give a short introduction on how to implement it in a client. | ||
With changes from TLS 1.2 to TLS 1.3, an | With changes from TLS 1.2 to TLS 1.3, an RFC has been done: [https://tools.ietf.org/html/rfc9266 RFC9266: Channel Bindings for TLS 1.3]. | ||
=== SCRAM-SHA-256(-PLUS) === | === SCRAM-SHA-256(-PLUS) === | ||
| Line 214: | Line 211: | ||
Server's server signature (hex): <code>ae617da6a57c4bbb2e0286568dae1d251905b0a4</code> | Server's server signature (hex): <code>ae617da6a57c4bbb2e0286568dae1d251905b0a4</code> | ||
== Channel Bindings == | == Further Reading == | ||
=== Channel Bindings === | |||
* [https://tools.ietf.org/html/rfc5056 RFC5056: On the Use of Channel Bindings to Secure Channels] | * [https://tools.ietf.org/html/rfc5056 RFC5056: On the Use of Channel Bindings to Secure Channels] | ||
* [https://tools.ietf.org/html/rfc5929 RFC5929: Channel Bindings for TLS] | * [https://tools.ietf.org/html/rfc5929 RFC5929: Channel Bindings for TLS] | ||
* [https://tools.ietf.org/html/rfc9266 RFC9266: Channel Bindings for TLS 1.3] | |||
* [https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml Channel-Binding Types] | * [https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml Channel-Binding Types] | ||
== | === Other Related Protocols === | ||
* [https://tools.ietf.org/html/draft-melnikov-scram-bis Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms: draft-melnikov-scram-bis] | * [https://tools.ietf.org/html/draft-melnikov-scram-bis Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms: draft-melnikov-scram-bis] | ||
* [https://tools.ietf.org/html/rfc9051 RFC9051: Internet Message Access Protocol (IMAP) - Version 4rev2] | * [https://tools.ietf.org/html/rfc9051 RFC9051: Internet Message Access Protocol (IMAP) - Version 4rev2] | ||
* [https://tools.ietf.org/html/rfc5803 RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets] | * [https://tools.ietf.org/html/rfc5803 RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets] | ||
* [https://tools.ietf.org/html/rfc7804 RFC7804: Salted Challenge Response HTTP Authentication Mechanism] | * [https://tools.ietf.org/html/rfc7804 RFC7804: Salted Challenge Response HTTP Authentication Mechanism] | ||
* [https://tools.ietf.org/html/draft-ietf-kitten-scram-2fa Extensions to Salted Challenge Response (SCRAM) for 2 factor authentication: draft-ietf-kitten-scram-2fa] | |||
* [https://tools.ietf.org/html/draft- | |||
* [https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml Simple Authentication and Security Layer (SASL) Mechanisms] | * [https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml Simple Authentication and Security Layer (SASL) Mechanisms] | ||
* [https://github.com/scram-sasl/info/issues/1 SCRAM-SASL State of Play] | |||