help-gsasl

Re: SCRAM-SHA-1 salted password generation


From: Simon Josefsson
Subject: Re: SCRAM-SHA-1 salted password generation
Date: Tue, 25 May 2010 07:23:59 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

Arc Riley <address@hidden> writes:

> Is there a function available to encode a hashed password for use with
> SCRAM-SHA-1 on a server?

Not right now.

We could add it, but I'm not sure how it would work -- do you want to
provide the salt yourself?  Or should the function generate it?  Also, a
SCRAM key actually consists of two parts, the StoredKey and the
ServerKey, would you want to get both in separate fields or combined in
one field?

How about something like this:

  extern GSASL_API int
  gsasl_scram_sha1_passwd (const char *password,
                           const char *salt, size_t saltlen,
                           unsigned long iterations,
                           char *storedkey[20],
                           char *serverkeys[20]);

There should probably be property fields for providing the
storedkey/serverkey values (and the salt value) to the library, so the
server can use those fields instead of requiring access to the raw
password.

/Simon
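
The derivation discussed above, as an added example that is not part of the original message or of GNU SASL: it computes StoredKey and ServerKey as defined in RFC 5802, with the salt either supplied or generated, and shows a server checking a client proof from the stored values alone. The function names are hypothetical, the password is assumed to be plain ASCII (no SASLprep step), and the sample exchange is the one printed in RFC 5802.

```python
import base64
import hashlib
import hmac
import secrets


def scram_sha1_passwd(password, salt=None, iterations=4096):
    """Return (salt, StoredKey, ServerKey) as defined in RFC 5802, section 3.

    Assumption: password is already SASLprep-normalized (plain ASCII here).
    If no salt is supplied, a random 16-byte salt is generated.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    # SaltedPassword := Hi(password, salt, i), i.e. PBKDF2-HMAC-SHA1, 20 bytes
    salted = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations, 20)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    stored_key = hashlib.sha1(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
    return salt, stored_key, server_key


def verify_client_proof(stored_key, auth_message, proof):
    """Check a ClientProof using only StoredKey, never the raw password."""
    signature = hmac.new(stored_key, auth_message, hashlib.sha1).digest()
    if len(proof) != len(signature):
        return False
    # ClientProof = ClientKey XOR ClientSignature, so XOR recovers ClientKey
    client_key = bytes(a ^ b for a, b in zip(proof, signature))
    return hmac.compare_digest(hashlib.sha1(client_key).digest(), stored_key)


def server_signature(server_key, auth_message):
    """ServerSignature := HMAC(ServerKey, AuthMessage), sent back as v=..."""
    return hmac.new(server_key, auth_message, hashlib.sha1).digest()


# Sample exchange from RFC 5802, section 5 (user "user", password "pencil").
RFC_SALT = base64.b64decode("QSXCR+Q6sek8bf92")
RFC_AUTH_MESSAGE = (
    b"n=user,r=fyko+d2lbbFgONRv9qkxdawL,"
    b"r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096,"
    b"c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j"
)
RFC_CLIENT_PROOF = base64.b64decode("v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=")

if __name__ == "__main__":
    _, stored, server = scram_sha1_passwd("pencil", RFC_SALT, 4096)
    print("StoredKey:", stored.hex(), "ServerKey:", server.hex())
    print("proof ok:", verify_client_proof(stored, RFC_AUTH_MESSAGE, RFC_CLIENT_PROOF))
```

A server that stores only the salt, iteration count, StoredKey and ServerKey can run both checks; the 20-byte outputs correspond to the `[20]` buffers in the proposed prototype.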


