[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SCRAM methods
|
From: |
Simon Josefsson |
|
Subject: |
Re: SCRAM methods |
|
Date: |
Fri, 03 Jan 2020 15:09:59 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) |
Jeremy Harris <address@hidden> writes:
> Hi,
>
> On 25/12/2019 16:31, Jeremy Harris wrote:
>> So, please consider these feature requests:
>>
>> - library API returning a salted-password, given password and
>> optional salt, optional iteration-count
>> - utility access to that API
>> - library acceptance and use, server side, of a salted password.
>
> I have written the code for parts 3 and 1 of the above, and
> tested with Exim. These patches apply cumulatively onto
> d5976869c4.
>
> The first patch makes the server-side SCRAM implementation behave like
> the client-side, in that it looks for a salted-password property first,
> then falling back to the existing use of a plaintext-password property.
> The server application must still supply the salt and iteration-count.
>
> The second patch writes a salted-password property, server-side, if the
> plaintext source and calculation procedure is followed; this permits an
> application to extract the salted-password for storage.
>
> I've not touched the docs.
Thank you -- I have added this on the 'scram-sha256' branch which is
where all development happens right now. I will improve the docs to
match the new behaviour.
/Simon
signature.asc
Description: PGP signature
- Re: SCRAM methods, Simon Josefsson, 2020/01/03
- Re: SCRAM methods,
Simon Josefsson <=
- Re: SCRAM methods, Jeremy Harris, 2020/01/03
- Re: SCRAM methods, Simon Josefsson, 2020/01/03
- Re: SCRAM methods, Jeremy Harris, 2020/01/03
- Re: SCRAM methods, Jeremy Harris, 2020/01/05
- Re: SCRAM methods, Simon Josefsson, 2020/01/06
- Re: SCRAM methods, Jeremy Harris, 2020/01/06
- Re: SCRAM methods, Simon Josefsson, 2020/01/14
- Re: SCRAM methods, Jeremy Harris, 2020/01/14
- Re: SCRAM methods, Jeremy Harris, 2020/01/06