-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement XEP-0480: SASL Upgrade Tasks #80
Comments
Side note: I've wrote a blog post about modern SASL authentication that more or less led to all of these SASL2 related XEPs over here: https://monal-im.org/post/00004-sasl/ |
Important too :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is the last missing piece for modern SASL2 authentication: XEP-0480: SASL Upgrade Tasks is needed to make sure clients can update the old SHA-1 password hashes to more secure alternatives like SHA-256.
This isn't as urgent as the other SASL2 related stuff you just implemented, but needed to make sure we can transition from SHA-1 to something more secure before SCRAM-SHA-1 becomes insecure.
This transition will take quite some time, so it is good to start early with this.
I promise this is the last SASL-related implementation request I'm doing ;)
BTW: This XEP was originally developed inside the main SASL2 XEP (XEP-0388) but later factored out to not create another of these large XEPs like MUC or PubSub.
The text was updated successfully, but these errors were encountered: