Difference between revisions of "SASL Authentication and SCRAM"

Jump to navigation Jump to search
m
no edit summary
m (Condense lots of individual sections with single links in them)
m
 
Line 8: Line 8:
Its main benefits are in offering both a method to salt and hash the password in storage and in transit. This page aims to give a short introduction on how to implement it in a client.
Its main benefits are in offering both a method to salt and hash the password in storage and in transit. This page aims to give a short introduction on how to implement it in a client.


With changes from TLS 1.2 to TLS 1.3, an Internet-Draft is in progress for TLS Binding and TLS 1.3: [https://tools.ietf.org/html/draft-ietf-kitten-tls-channel-bindings-for-tls13 Channel Bindings for TLS 1.3: draft-ietf-kitten-tls-channel-bindings-for-tls13].
With changes from TLS 1.2 to TLS 1.3, an RFC has been done: [https://tools.ietf.org/html/rfc9266 RFC9266: Channel Bindings for TLS 1.3].


=== SCRAM-SHA-256(-PLUS) ===
=== SCRAM-SHA-256(-PLUS) ===
Line 217: Line 217:
* [https://tools.ietf.org/html/rfc5056 RFC5056: On the Use of Channel Bindings to Secure Channels]
* [https://tools.ietf.org/html/rfc5056 RFC5056: On the Use of Channel Bindings to Secure Channels]
* [https://tools.ietf.org/html/rfc5929 RFC5929: Channel Bindings for TLS]
* [https://tools.ietf.org/html/rfc5929 RFC5929: Channel Bindings for TLS]
* [https://tools.ietf.org/html/rfc9266 RFC9266: Channel Bindings for TLS 1.3]
* [https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml Channel-Binding Types]
* [https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml Channel-Binding Types]
* [https://tools.ietf.org/html/draft-ietf-kitten-tls-channel-bindings-for-tls13 Channel Bindings for TLS 1.3: draft-ietf-kitten-tls-channel-bindings-for-tls13]


=== Other Related Protocols ===
=== Other Related Protocols ===
Line 226: Line 226:
* [https://tools.ietf.org/html/rfc5803 RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets]
* [https://tools.ietf.org/html/rfc5803 RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets]
* [https://tools.ietf.org/html/rfc7804 RFC7804: Salted Challenge Response HTTP Authentication Mechanism]
* [https://tools.ietf.org/html/rfc7804 RFC7804: Salted Challenge Response HTTP Authentication Mechanism]
* [https://tools.ietf.org/html/draft-melnikov-scram-2fa Extensions to Salted Challenge Response (SCRAM) for 2 factor authentication: draft-melnikov-scram-2fa]
* [https://tools.ietf.org/html/draft-ietf-kitten-scram-2fa Extensions to Salted Challenge Response (SCRAM) for 2 factor authentication: draft-ietf-kitten-scram-2fa]
* [https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml Simple Authentication and Security Layer (SASL) Mechanisms]
* [https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml Simple Authentication and Security Layer (SASL) Mechanisms]
* [https://github.com/scram-sasl/info/issues/1 SCRAM-SASL State of Play]
216

edits

Navigation menu