SCRAM-SHA-256(-PLUS) for ejabberd
- Neustradamus -
neustradamus@REDACTED
Sun Nov 17 22:48:19 CET 2019
Hello all,
Currently there is only SCRAM-SHA-1 in ejabberd.
I search people to look the code for have more easy possibilities:
- SCRAM-SHA-1-PLUS
- SCRAM-SHA-224
- SCRAM-SHA-224-PLUS
- SCRAM-SHA-256
- SCRAM-SHA-256-PLUS
- SCRAM-SHA-384
- SCRAM-SHA-384-PLUS
- SCRAM-SHA-512
- SCRAM-SHA-512-PLUS
-PLUS variants -> "tls-unique"
Links:
- https://github.com/processone/fast_tls/blob/master/src/p1_sha.erl
- https://github.com/processone/xmpp/
- https://github.com/processone/ejabberd/
- https://github.com/processone/ejabberd-contrib/
RFCs:
- RFC5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms: https://tools.ietf.org/html/rfc5802
- RFC7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Security Layer (SASL) Mechanisms: https://tools.ietf.org/html/rfc7677 - since 2015-11-02
- RFC5056: On the Use of Channel Bindings to Secure Channels: https://tools.ietf.org/html/rfc5056
- RFC5929: Channel Bindings for TLS: https://tools.ietf.org/html/rfc5929
- RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets: https://tools.ietf.org/html/rfc5803
- RFC7804: Salted Challenge Response HTTP Authentication Mechanism: https://tools.ietf.org/html/rfc7804
IANA:
- Simple Authentication and Security Layer (SASL) Mechanisms: https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml
- Channel-Binding Types: https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml
Cyrus SASL supports:
- SCRAM-SHA-1
- SCRAM-SHA-1-PLUS
- SCRAM-SHA-224
- SCRAM-SHA-224-PLUS
- SCRAM-SHA-256
- SCRAM-SHA-256-PLUS
- SCRAM-SHA-384
- SCRAM-SHA-384-PLUS
- SCRAM-SHA-512
- SCRAM-SHA-512-PLUS
-> https://cyrusimap.org/sasl/sasl/authentication_mechanisms.html
-> https://github.com/cyrusimap/cyrus-sasl/commits/master
Dovecot SASL supports:
- SCRAM-SHA-1
-> https://doc.dovecot.org/configuration_manual/authentication/password_schemes/
GNU SASL supports:
- SCRAM-SHA-1
- SCRAM-SHA-1-PLUS
-> http://www.gnu.org/software/gsasl/
CRAM-MD5 to Historic:
- https://tools.ietf.org/html/draft-ietf-sasl-crammd5-to-historic-00 // 20 November 2008
RFC6331: Moving DIGEST-MD5 to Historic
- https://tools.ietf.org/html/rfc6331 since July 2011
More informations:
- https://github.com/scram-xmpp/info/issues/1
Thanks in advance for your help.
Regards,
Neustradamus
More information about the erlang-questions
mailing list