SCRAM-SHA-***(-PLUS) supports #4
Comments
Neustradamus
changed the title
|
Please feel free to implement those and add a pull request. Thank you! |
|
@fabiang: Have you looked on it? Thanks in advance. |
|
If you need them, please create a PR and I'll be happy to add them. Thanks. |
|
Closing this due age. PR is still very welcome for this. |
|
@fabiang: The problem is always here, it is not a solution to close it... |
|
I was able to add support for some of the algos. The following authentication methods were supported before and I've also updated the integration tests to test them:
Those should have been working before, but I can't test them automatically
This should be working now, but can't be tested either:
Also I'm unable to add support for all the *-PLUS algorithms since OpenSSL/PHP doesn't have an API for channel binding (same problem as in #11) . |
|
@fabiang: Thanks a lot for your commit! Can you add topics in your repo?
ejabberd: SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-512(-PLUS): Tigase XMPP Server: SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-512(-PLUS): MongooseIM supports: SCRAM-SHA-1(-PLUS), SCRAM-SHA-224(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-384(-PLUS), SCRAM-SHA-512(-PLUS) | Without CB 1.3: Metronome IM supports: SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-384(-PLUS), SCRAM-SHA-512(-PLUS) | Without CB 1.3: Jackal supports: SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-512(-PLUS), SCRAM-SHA3-512(-PLUS) | Without CB 1.3: Prosody supports: SCRAM-SHA-1(-PLUS) and SCRAM-SHA-256(-PLUS): |
|
What topics you're talking about? Is there any server software available that supports |
|
At right here: https://github.com/fabiang/sasl (gear) ^^ There are several lists, search SHA3 here: |
|
I don't see any server software that supports |
|
@fabiang: Jackal but it is now a dead project: https://github.com/search?q=repo%3Aortuman%2Fjackal+sha3&type=code |
|
@fabiang: Recently some SCRAM hashes have been added in:
A good job done by @schengawegga. Maybe you can help for -PLUS variants? And for repositories: |
After:
Can you add supports of:
You can add too:
"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".
SCRAM-SHA-1(-PLUS):
-- https://tools.ietf.org/html/rfc5802
-- https://tools.ietf.org/html/rfc6120
SCRAM-SHA-256(-PLUS):
-- https://tools.ietf.org/html/rfc7677 since 2015-11-02
-- https://tools.ietf.org/html/rfc8600 since 2019-06-21: https://mailarchive.ietf.org/arch/msg/ietf-announce/suJMmeMhuAOmGn_PJYgX5Vm8lNA
SCRAM-SHA-512(-PLUS):
-- https://tools.ietf.org/html/draft-melnikov-scram-sha-512
SCRAM-SHA3-512(-PLUS):
-- https://tools.ietf.org/html/draft-melnikov-scram-sha3-512
SCRAM BIS: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms:
-- https://tools.ietf.org/html/draft-melnikov-scram-bis
https://xmpp.org/extensions/inbox/hash-recommendations.html
-PLUS variants:
IMAP:
LDAP:
HTTP:
2FA:
IANA:
Linked to:
The text was updated successfully, but these errors were encountered: