SCRAM-SHA-1(-PLUS) + SCRAM-SHA-224(-PLUS) + SCRAM-SHA-256(-PLUS) + SCRAM-SHA-384(-PLUS) + SCRAM-SHA-512(-PLUS) + SCRAM-SHA3-512(-PLUS) supports #9

Open
Neustradamus opened this issue Nov 14, 2020 · 7 comments


@Neustradamus

Neustradamus commented Nov 14, 2020

Can you add support for:

  • SCRAM-SHA-1
  • SCRAM-SHA-1-PLUS
  • SCRAM-SHA-224
  • SCRAM-SHA-224-PLUS
  • SCRAM-SHA-256
  • SCRAM-SHA-256-PLUS
  • SCRAM-SHA-384
  • SCRAM-SHA-384-PLUS
  • SCRAM-SHA-512
  • SCRAM-SHA-512-PLUS
  • SCRAM-SHA3-512
  • SCRAM-SHA3-512-PLUS

"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".

SCRAM-SHA-1(-PLUS):

SCRAM-SHA-256(-PLUS):

SCRAM-SHA-512(-PLUS):

SCRAM-SHA3-512(-PLUS):

SCRAM BIS: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms:

-PLUS variants:

IMAP:

LDAP:

  • RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted Challenge Response Authentication Mechanism (SCRAM) Secrets: https://tools.ietf.org/html/rfc5803

HTTP:

JMAP:

2FA:

IANA:

Linked to:

@filipnavara

Just a sidenote: SHA-224 and SHA3 are not implemented in .NET so it's unlikely the support for them would be easy to add. The other ones are pretty simple for the basic username/password login situation. We are currently using a different XMPP implementation in our project but we are looking into the possibility of switching to this library. SCRAM-SHA-1 is the only one that we saw in more widespread use.
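
The client side of the basic username/password exchange mentioned above, parameterized by hash, as an added example that is not part of this thread or of the library's code. It is written in Python with `hashlib` rather than .NET, assumes an ASCII password (no SASLprep) and no channel binding (the non -PLUS variants), and the sample exchange at the end is the published RFC 5802 test vector.

```python
import base64
import hashlib
import hmac

# Mechanism names as listed in the issue, mapped to hashlib's names for the hash.
SCRAM_HASHES = {
    "SCRAM-SHA-1": "sha1", "SCRAM-SHA-224": "sha224", "SCRAM-SHA-256": "sha256",
    "SCRAM-SHA-384": "sha384", "SCRAM-SHA-512": "sha512", "SCRAM-SHA3-512": "sha3_512",
}


def _attrs(message):
    """Split 'k=v,k=v' into a dict; values may themselves contain '='."""
    return dict(kv.split("=", 1) for kv in message.split(","))


def scram_client_final(mechanism, password, client_first_bare, server_first):
    """Return (client-final-message, expected server signature in base64)."""
    h = SCRAM_HASHES[mechanism]
    server = _attrs(server_first)
    client_nonce = _attrs(client_first_bare)["r"]
    # The server nonce must extend the nonce we sent, otherwise abort the exchange.
    if not server["r"].startswith(client_nonce) or server["r"] == client_nonce:
        raise ValueError("server nonce does not extend client nonce")
    salted = hashlib.pbkdf2_hmac(h, password.encode("ascii"),
                                 base64.b64decode(server["s"]), int(server["i"]))
    client_key = hmac.new(salted, b"Client Key", h).digest()
    stored_key = hashlib.new(h, client_key).digest()
    # "biws" is base64("n,,"): the GS2 header stating that no channel binding is used.
    final_no_proof = "c=biws,r=" + server["r"]
    auth_message = ",".join([client_first_bare, server_first, final_no_proof]).encode()
    client_sig = hmac.new(stored_key, auth_message, h).digest()
    proof = bytes(a ^ b for a, b in zip(client_key, client_sig))
    server_key = hmac.new(salted, b"Server Key", h).digest()
    server_sig = hmac.new(server_key, auth_message, h).digest()
    return (final_no_proof + ",p=" + base64.b64encode(proof).decode(),
            base64.b64encode(server_sig).decode())


def server_final_ok(server_final, expected_sig):
    """Constant-time check of the server's v= attribute (mutual authentication)."""
    return server_final.startswith("v=") and hmac.compare_digest(server_final[2:], expected_sig)


# RFC 5802 test vector (user "user", password "pencil"), not traffic from this project.
RFC5802_FIRST_BARE = "n=user,r=fyko+d2lbbFgONRv9qkxdawL"
RFC5802_SERVER_FIRST = "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096"
```

Only the hash name changes between mechanisms; the -PLUS variants additionally replace the `c=biws` value with the base64 of the GS2 header plus TLS channel-binding data, which this sketch does not do.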

@ChristopheI
Collaborator

Hi,
I'm working on and maintaining this library since I'm using it in business projects.
I don't have much time to develop extra features, especially when it's necessary to configure server settings...
But if you have the opportunity to provide me an account so I can use a server with this kind of authentication, it will help a lot!
And with a priority list of authentication mechanisms too (I notice SCRAM-SHA-1 as the first one)
Thx.

PS: Which library are you using?

@filipnavara

Which library are you using?

We used a fork of Jabber-Net which was an old library ported over from Java. Since we forked it about 10 years ago it doesn't resemble much of the original code, or the last maintained fork at https://github.com/ForNeVeR/jabber-net. Specifically, for authentication we use our own SASL library that implements a variety of authentication mechanisms and we share this library for IMAP, SMTP and other protocols. Structurally it's very similar to the SASL methods in this library. I am pondering whether there would be any point in open sourcing it.

For reference, here's a current source of our authentication classes (free to use under MIT license but not maintained):
MailClient.Authentication.zip

If the original issue author doesn't come up with some test servers I can ask Alexey (the author of the RFCs) to see if he / Isode would be able to provide some.

@Neustradamus
Author

Hello all,

Thanks for your comment :)

XMPP servers, XMPP clients, XMPP libraries are listed with SCRAM possibilities here:

MailKit (https://github.com/jstedfast/MailKit) supports:

  • SCRAM-SHA-1
  • SCRAM-SHA-256
  • SCRAM-SHA-512

SHA3, linked to:

@ChristopheI
Collaborator

Thank you for your inputs. I will take a deeper look at the end of the week.

@Neustradamus
Author

@filipnavara, @ChristopheI: I have added some linked repositories but not all: please look at forks/commits:

3 support SCRAM-SHA-1 (but not others):

@Neustradamus
Author

@filipnavara, @ChristopheI: Have you progressed on it?
