help-gsasl
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SCRAM methods

From: - Neustradamus -
Subject: RE: SCRAM methods
Date: Fri, 3 Jan 2020 14:48:29 +0000
Hello all,

In first, Happy New Year to all!

Please recall for all, the SCRAM-SHA-256 tree...

Simon, can you add the code on GitHub?
It will be better and it will be nice to have PRs from other devs...

There are already some modified code...

Please look all:
https://github.com/search?o=desc&q=gsasl&s=updated&type=Repositories

Examples:
-> gsasl clone to fix SCRAM-SHA1 server side.
- https://github.com/20centaurifux/gsasl/commits/master
...
- https://github.com/ClickHouse-Extras/libgsasl/commits/master
- https://github.com/markpizz/gsasl/commits/master

I hope a 1.8.2 or 1.9.0 with all changes included SCRAM-SHA-256(-PLUS).

If you can add all the family? 224/384/512 too, it will be nice 🙂
- SCRAM-SHA-1
- SCRAM-SHA-1-PLUS
- SCRAM-SHA-224
- SCRAM-SHA-224-PLUS
- SCRAM-SHA-256
- SCRAM-SHA-256-PLUS
- SCRAM-SHA-384
- SCRAM-SHA-384-PLUS
- SCRAM-SHA-512
- SCRAM-SHA-512-PLUS

It will be possible to have?
- SHA-512/224
- SHA-512/256
- SHA-512/384

But why, for example: https://tools.ietf.org/html/draft-ietf-sipcore-digest-scheme

When 256... will be added, please update the website (http://www.gnu.org/software/gsasl/)
-> RFC7677

You can already do:

Please change:

- Jabberd2, a XMPP server.
->
- jabberd2, an XMPP server

And remove all "." in the list, it is not needed ->
- GNU Emacs, in the Gnus MUA
- GNU Mailutils
- GNU Anubis
- MSMTP
- MPOP
- VMIME
- Vortex Library, a BEEP stack
- jabberd2, an XMPP server

Thanks a lot in advance.

Regards,

Neustradamus

De: Help-gsasl de la part de Simon Josefsson
Envoyé: Vendredi 03 janvier 2020 15:09
À: Jeremy Harris
Cc: address@hidden
Objet: Re: SCRAM methods

Jeremy Harris <address@hidden> writes:

> Hi,
>
> On 25/12/2019 16:31, Jeremy Harris wrote:
>> So, please consider these feature requests:
>>
>> - library API returning a salted-password, given password and
>>   optional salt, optional iteration-count
>> - utility access to that API
>> - library acceptance and use, server side, of a salted password.
>
> I have written the code for parts 3 and 1 of the above, and
> tested with Exim.  These patches apply cumulatively onto
> d5976869c4.
>
> The first patch makes the server-side SCRAM implementation behave like
> the client-side, in that it looks for a salted-password property first,
> then falling back to the existing use of a plaintext-password property.
> The server application must still supply the salt and iteration-count.
>
> The second patch writes a salted-password property, server-side, if the
> plaintext source and calculation procedure is followed; this permits an
> application to extract the salted-password for storage.
>
> I've not touched the docs.

Thank you -- I have added this on the 'scram-sha256' branch which is
where all development happens right now.  I will improve the docs to
match the new behaviour.

/Simon
reply via email to
[Prev in Thread] Current Thread [Next in Thread]