Difference between revisions of "XMPP IM Client Design Guidelines"

Jump to navigation Jump to search
Tweak some language around hashes to keep the title short and fix some misconceptions about old hashing mechanisms (which are entirely broken)
m (Make some language gender neutral)
(Tweak some language around hashes to keep the title short and fix some misconceptions about old hashing mechanisms (which are entirely broken))
Line 118: Line 118:




== Implement SCRAM-SHA-1 / SCRAM-SHA-256 / SCRAM-SHA-512 / SCRAM-SHA3-512 ==
== Implement PLAIN and SCRAM ==


=== Description ===
=== Description ===
Line 128: Line 128:
=== Rationale ===
=== Rationale ===


Hashing and salting passwords helps making it hard to retrieve the plain password from a compromised server. However, we would also like to be able to protect the password while it is in transit. These two concepts are difficult to combine: DIGEST-MD5 and CRAM-MD5 only protect the password in transit – the mechanisms can't work if the server wants to store the password hashed and salted. SCRAM fixes that and supports both hashed storage and hashed transmission.
Hashing and salting passwords helps making it hard to retrieve the plain password from a compromised server. However, we would also like to be able to protect the password while it is in transit. These two concepts are difficult to combine: DIGEST-MD5 and CRAM-MD5 do not protect the password in transit or at rest – the mechanisms can't work if the server wants to store the password hashed and salted. SCRAM protects the password both in flight and at rest.


While it would be nice to deprecate PLAIN, it is still needed for servers who use a different hashing mechanism than SCRAM needs.
PLAIN is a widely used fallback that is still useful for servers that store their passwords hashed differently than required by SCRAM.


See [[SASL and SCRAM]] for help with implementing SCRAM-SHA-1 / SCRAM-SHA-256 / SCRAM-SHA-512 / SCRAM-SHA3-512.
See [[SASL and SCRAM]] for help with implementing SCRAM.
183

edits

Navigation menu