fabiang / sasl

The PHP SASL2 Authentification Library

SCRAM-SHA-***(-PLUS) supports #4

Open Neustradamus opened 4 years ago

Neustradamus commented 4 years ago

After:

Can you add support for:

You can also add:

"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".

https://xmpp.org/extensions/inbox/hash-recommendations.html

-PLUS variants:

IMAP:

LDAP:

HTTP:

2FA:

IANA:

Linked to:

fabiang commented 4 years ago

Please feel free to implement those and add a pull request. Thank you!

Neustradamus commented 2 years ago

@fabiang: Have you looked at it?

Thanks in advance.

fabiang commented 2 years ago

If you need them, please create a PR and I'll be happy to add them. Thanks.

fabiang commented 1 year ago

Closing this due to age. PR is still very welcome for this.

Neustradamus commented 1 year ago

@fabiang: The problem is still here; it is not a solution to close it...

fabiang commented 9 months ago

I was able to add support for some of the algos.

The following authentication methods were supported before and I've also updated the integration tests to test them:

Those should have been working before, but I can't test them automatically:

This should be working now, but can't be tested either:

Also I'm unable to add support for all the *-PLUS algorithms since OpenSSL/PHP doesn't have an API for channel binding (same problem as in #11).
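Added example, not part of the thread and not code from fabiang/sasl: one way a client could apply the preference quoted in the first comment (-PLUS before plain, SHA-256 before SHA-1) and pick the RFC 5802 GS2 channel-binding flag, including the case where the TLS layer exposes no channel binding data. The function name, its parameters, the choice to try every -PLUS variant before any plain one, and the sample mechanism lists are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hash preference from the quoted recommendation: SHA-256 before SHA-1.
const SCRAM_HASH_PREFERENCE = ['SHA-256', 'SHA-1'];

/**
 * Hypothetical helper (not part of fabiang/sasl): choose a SCRAM mechanism
 * from the server's advertised list plus the gs2-cbind-flag that goes into
 * the client-first message (RFC 5802).
 *
 * @param string[]    $offered mechanism names advertised by the server
 * @param string|null $cbType  channel binding type the TLS layer can supply
 *                             (e.g. "tls-unique"), or null when it exposes none
 * @return array{mechanism: string, gs2Flag: string}|null
 */
function selectScramMechanism(array $offered, ?string $cbType): ?array
{
    $offered = array_map('strtoupper', $offered);

    // Assumption of this example: any usable -PLUS variant beats any plain one.
    if ($cbType !== null) {
        foreach (SCRAM_HASH_PREFERENCE as $hash) {
            $plus = "SCRAM-{$hash}-PLUS";
            if (in_array($plus, $offered, true)) {
                // "p=<type>": the client binds the exchange to this TLS channel.
                return ['mechanism' => $plus, 'gs2Flag' => "p={$cbType}"];
            }
        }
    }
    foreach (SCRAM_HASH_PREFERENCE as $hash) {
        $plain = "SCRAM-{$hash}";
        if (in_array($plain, $offered, true)) {
            // "y": client could bind but saw no -PLUS offer; a server that did
            //      offer one fails the exchange, exposing a stripped list.
            // "n": client has no channel binding support at all.
            return ['mechanism' => $plain, 'gs2Flag' => $cbType !== null ? 'y' : 'n'];
        }
    }
    return null; // no acceptable SCRAM mechanism was offered
}

// Constructed sample inputs.
$full = ['PLAIN', 'SCRAM-SHA-1', 'SCRAM-SHA-256', 'SCRAM-SHA-256-PLUS'];
var_export(selectScramMechanism($full, 'tls-unique'));               // TLS binding available
var_export(selectScramMechanism($full, null));                       // no binding API in the client
var_export(selectScramMechanism(['SCRAM-SHA-256'], 'tls-unique'));   // no -PLUS seen in the offer
var_export(selectScramMechanism(['PLAIN'], null));                   // no SCRAM offered
```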

Neustradamus commented 9 months ago

@fabiang: Thanks a lot for your commit!

Can you add topics in your repo?

ejabberd: SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-512(-PLUS):

Tigase XMPP Server: SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-512(-PLUS):

MongooseIM supports: SCRAM-SHA-1(-PLUS), SCRAM-SHA-224(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-384(-PLUS), SCRAM-SHA-512(-PLUS) | Without CB 1.3:

Metronome IM supports: SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-384(-PLUS), SCRAM-SHA-512(-PLUS) | Without CB 1.3:

Jackal supports: SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-512(-PLUS), SCRAM-SHA3-512(-PLUS) | Without CB 1.3:

Prosody supports: SCRAM-SHA-1(-PLUS) and SCRAM-SHA-256(-PLUS):

fabiang commented 9 months ago

What topics are you talking about? Is there any server software available that supports SCRAM-SHA3-512?

Neustradamus commented 9 months ago

On the right here: https://github.com/fabiang/sasl (gear) ^^

There are several lists, search SHA3 here:

fabiang commented 9 months ago

I don't see any server software that supports scram-sha3-*. I've added the other supported algos as topics.

Neustradamus commented 9 months ago

@fabiang: Jackal but it is now a dead project: https://github.com/search?q=repo%3Aortuman%2Fjackal+sha3&type=code

Neustradamus commented 9 months ago

@fabiang: Recently some SCRAM hashes have been added in:

A good job done by @schengawegga.

Maybe you can help with -PLUS variants?

And for repositories: