Open Neustradamus opened 5 years ago
genofire
commented
5 years ago @mremond could we use https://godoc.org/mellium.im/sasl or should we implemented it on the own like https://github.com/ortuman/jackal/blob/master/auth/scram.go
i like the state machine of https://godoc.org/mellium.im/sasl with his more, resp, err as return value
SamWhited
commented
5 years ago i like the state machine of https://godoc.org/mellium.im/sasl with his more, resp, err as return value
Thanks; just FYI there is at least one major API overhaul that may be done at
some point to mellium.im/sasl to make credentials more flexible. Take into
consideration that I don't yet provide any API stability guarantees when using
it, and it may require a bit of work to upgrade later (that being said, that's
probably better than an unknown from some of the other projects, so maybe see
if you can convince them to tell people if the API is stable or not before
deciding what to move forward with).
If you do end up using it, I'd love to get your feedback on everything and how it works for you.
I add SCRAM-SHA-512(-PLUS): https://xmpp.org/extensions/inbox/hash-recommendations.html
Note that SCRAM-SHA-512 is not an actual SCRAM mechanism defined by the IETF. Making one up will at best lead to interop problems, and at worst could cause security issues (this isn't likely if you're just changing the hash in the HMAC, but still, don't make up security mechanisms just to have a bigger number in a hash somewhere).
"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".
SCRAM-SHA-1(-PLUS):
SCRAM-SHA-256(-PLUS):
I add SCRAM-SHA-512(-PLUS): https://xmpp.org/extensions/inbox/hash-recommendations.html
Linked to: