Skip to content
This repository has been archived by the owner on Jan 29, 2024. It is now read-only.

SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) + SCRAM-SHA-512(-PLUS) supports #51

Open
Neustradamus opened this issue Jan 6, 2019 · 20 comments

Comments

@Neustradamus
Copy link

Neustradamus commented Jan 6, 2019

"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".

There is only SCRAM-SHA-1, can you add support for?

https://xmpp.org/extensions/inbox/hash-recommendations.html

-PLUS variants:

LDAP:

  • RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets: https://tools.ietf.org/html/rfc5803

HTTP:

2FA:

IANA:

Linked to:

@COM8 COM8 added this to the Release (v.1.0) ~2019/2020 milestone Jan 6, 2019
@COM8
Copy link
Member

COM8 commented Jan 6, 2019

SCRAM-SHA-256 support should be easy to add.
But the PLUS versions take a little bit more work to be done.

Thanks for the RFC links!

COM8 added a commit that referenced this issue Jan 6, 2019
@Neustradamus
Copy link
Author

@COM8 Thanks for all commits that you have done about SCRAM-SHA-256!
I can not wait for -PLUS variant ^^

KingKili pushed a commit that referenced this issue Jan 17, 2019
@Neustradamus
Copy link
Author

It is possible to add for 512 too?

@COM8
Copy link
Member

COM8 commented Jan 18, 2019

Hmmm, well it would be really easy to add support for the 512 variants too, but I don't think it's that useful since everything using SHA-1 is basically deprecated at this point (Reference). It also is not proven, that it provides more security in any way (If the mechanism is broken why should increasing the iterations count improve security?).

An other point is: You can use SCRAM-SHA-1 as auth method and send an iteration count >= 4096 to your clients because the "number" only handles the min iterations count that is required.
So I see this as a responsibility of the server software you are using, setting the "iterations count" to an appropriate value.

Do you know any server that actually supports the 256 and 512 versions?

Let me think about it for a couple of days and I will come back to it then.

Thanks for your suggestion!

@Neustradamus
Copy link
Author

Neustradamus commented Jan 18, 2019

List here: scram-sasl/info#1

@COM8
Copy link
Member

COM8 commented Jan 20, 2019

OK I will add support for it, since it's quiet easy to do. Do you have any RFC for it? Can't find any.

@Neustradamus
Copy link
Author

Only RFCs cited before.
But a lot of softwares (cited previously and others) use other possibilities too...

@Neustradamus Neustradamus changed the title SCRAM-SHA-1-PLUS + SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) supports Mar 20, 2019
@Neustradamus
Copy link
Author

From RFC8600: "When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".

@COM8
Copy link
Member

COM8 commented Aug 23, 2019

If this is the TLDR out of the paper - sure yes, that's true 😄 .

@Neustradamus
Copy link
Author

XMPP servers remove the old history unsecured MD5 support, any news on it?

@COM8
Copy link
Member

COM8 commented Apr 21, 2020

Nope. I've never actually implemented MD5 since it's not save since ages.
Currently the following mechanisms are supported:

  • PLAIN
  • SHA256
  • SHA1

@Neustradamus
Copy link
Author

Can you add other SCRAM possibilities?
To have 1/224/256/384/512?
And for -PLUS variants, complicated?
Some clients already supported it, look the link in main publication :)

@COM8
Copy link
Member

COM8 commented Apr 28, 2020

The non PLUS variants are easy to add, but for the PLUS variants I need to pass the server certificate to the mechanism which is not possible right not.
It requires quiet a bit of work since I have to reengineer the way the connection gets handled.
Perhaps add a connection context of some sorts, where I store information like the cert.

@Neustradamus Neustradamus changed the title SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) supports SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) + SCRAM-SHA-512(-PLUS) supports Nov 1, 2020
@COM8
Copy link
Member

COM8 commented Nov 1, 2020

@Neustradamus, Thanks.

@Neustradamus
Copy link
Author

@COM8: Can you add 512 like others?

@COM8
Copy link
Member

COM8 commented Jan 28, 2021

512 as I can see it, yes. But the PLUS variants are not.

@Neustradamus
Copy link
Author

SCRAM-SHA-512, and maybe SCRAM-SHA3-512 too?

Yes I know, PLUS variants is different...

@COM8
Copy link
Member

COM8 commented Jan 29, 2021

Don't know right now. I have to have a look into it.

COM8 added a commit that referenced this issue May 31, 2021
@COM8
Copy link
Member

COM8 commented May 31, 2021

Just a small update from my side on this.
I fixed the SCRAM-SHA-256 implementation #153 .
SCRAM-SHA-512 is currently not possible for me, since c# on UWP currently does not support SHA3 hashing with Rfc2898DeriveBytes. For this I have to implement my own PBKDF2 password-based key derivation function which is currenly out of my scope.

@Neustradamus
Copy link
Author

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants