SCRAM-SHA-1-PLUS + SCRAM-SHA-256-PLUS + SCRAM-SHA-512(-PLUS) + SCRAM-SHA3-512(-PLUS) supports #182
Comments
Thanks, and a good 2022 to you as well. SCRAM-SHA-512 should work as scram.php detects it. The PLUS versions however are difficult due to the required gs2 header which is inside TLS stream (we have no access to it). On the other side: sha and md5 should not be used as it actually relies on plain/hash passwords stored on the server. Passwords should be stored in bcrypt, balloon or argon2 (but scram will not work in these cases). So basically always use TLS 1.3 connections unless the connection is 127.0.0.1
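For reference, how RFC 5802 ties a -PLUS exchange to the TLS channel, as an added example that is not part of this thread and not the project's scram.php: the `c=` attribute carries base64 of the gs2 header plus channel-binding data obtained from the TLS layer (here the `tls-server-end-point` type from RFC 5929), and the client proof covers it. The function names and the certificate bytes are constructed for illustration; SASLprep is skipped, so ASCII passwords are assumed.

```python
import base64
import hashlib
import hmac


def tls_server_end_point(cert_der, sig_hash="sha256"):
    """RFC 5929 channel-binding data: a hash of the server certificate (DER)."""
    if sig_hash in ("md5", "sha1"):  # RFC 5929 replaces these with SHA-256
        sig_hash = "sha256"
    return hashlib.new(sig_hash, cert_der).digest()


def client_final(hash_name, password, client_first_bare, server_first,
                 gs2_header=b"n,,", cbind_data=b""):
    """Build the SCRAM client-final-message as defined in RFC 5802."""
    attrs = dict(a.split("=", 1) for a in server_first.split(","))
    salt, rounds = base64.b64decode(attrs["s"]), int(attrs["i"])
    # c= is base64(gs2-header || cbind-data); cbind-data is empty without -PLUS
    c_value = base64.b64encode(gs2_header + cbind_data).decode()
    without_proof = f"c={c_value},r={attrs['r']}"
    auth_message = f"{client_first_bare},{server_first},{without_proof}".encode()
    salted = hashlib.pbkdf2_hmac(hash_name, password.encode(), salt, rounds)
    client_key = hmac.new(salted, b"Client Key", hash_name).digest()
    stored_key = hashlib.new(hash_name, client_key).digest()
    signature = hmac.new(stored_key, auth_message, hash_name).digest()
    proof = bytes(k ^ s for k, s in zip(client_key, signature))
    return f"{without_proof},p={base64.b64encode(proof).decode()}"


# Exchange from the RFC 5802 example (user "user", password "pencil")
BARE = "n=user,r=fyko+d2lbbFgONRv9qkxdawL"
SERVER_FIRST = "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096"
# Constructed stand-ins for two DER certificates (not real certificates)
CERT_SERVER = b"constructed-der-bytes-of-the-real-server-cert"
CERT_OTHER = b"constructed-der-bytes-of-an-intercepting-cert"


def plus_final(cert_der, hash_name="sha256"):
    """Client-final-message for a -PLUS run bound to the certificate the client saw."""
    return client_final(hash_name, "pencil", BARE, SERVER_FIRST,
                        b"p=tls-server-end-point,,", tls_server_end_point(cert_der))


if __name__ == "__main__":
    print("SCRAM-SHA-1       ", client_final("sha1", "pencil", BARE, SERVER_FIRST))
    print("SCRAM-SHA-256-PLUS", plus_final(CERT_SERVER))
    print("other certificate ", plus_final(CERT_OTHER))
```

The server rebuilds the same `c=` value from its own certificate before checking the proof, so a client that saw a different certificate produces a proof that does not verify.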
@the-djmaze: Thanks for your SCRAM-SHA-512 :) Please read here about SCRAM: https://techcommunity.microsoft.com/t5/azure-database-for-postgresql/how-to-securely-authenticate-with-scram-in-postgres-13/ba-p/1548319
@Neustradamus I understand your SCRAM mission everywhere.
@the-djmaze: Ok for -PLUS variants, but for SCRAM-SHA3-512?
@the-djmaze: I have added the RFC9051: Internet Message Access Protocol (IMAP) - Version 4rev2: https://tools.ietf.org/html/rfc9051 in the description :)
RFC9051 is already partially supported ;)
@the-djmaze: Recently SCRAM hashes have been added in:
A good job done by @schengawegga. Maybe you can help for -PLUS variants? And for repositories:
Dear @the-djmaze,
First, I wish you a Happy New Year!
Thanks a lot for adding SCRAM-SHA-1 and SCRAM-SHA-256! :)
After:
Can you add support for:
"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".
SCRAM-SHA-1(-PLUS):
-- https://tools.ietf.org/html/rfc5802
-- https://tools.ietf.org/html/rfc6120
SCRAM-SHA-256(-PLUS):
-- https://tools.ietf.org/html/rfc7677 since 2015-11-02
-- https://tools.ietf.org/html/rfc8600 since 2019-06-21: https://mailarchive.ietf.org/arch/msg/ietf-announce/suJMmeMhuAOmGn_PJYgX5Vm8lNA
SCRAM-SHA-512(-PLUS):
-- https://tools.ietf.org/html/draft-melnikov-scram-sha-512
SCRAM-SHA3-512(-PLUS):
-- https://tools.ietf.org/html/draft-melnikov-scram-sha3-512
https://xmpp.org/extensions/inbox/hash-recommendations.html
-PLUS variants:
IMAP:
LDAP:
HTTP:
2FA:
IANA:
Linked to: