rolkey / indyproject

Automatically exported from code.google.com/p/indyproject

We need more secure SASL mechanisms #44

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
With FIPS compliance, we will need to provide more secure SASL mechanisms
than what Indy currently has.  Many SASL mechanisms such as Digest, OTP,
CRAM-MD5, and S/Key use compromised hash algorithms.  SHA1 also has been
partially compromised so we need SASL mechanisms that use stronger hashing
that are FIPS approved such as SHA224, SHA256, SHA384, and SHA512.  I
would suggest starting off with SCRAM.

http://tools.ietf.org/html/draft-ietf-sasl-scram-10

Note that I have checked in code that does HMAC-SHA-224, HMAC-SHA-256, 
HMAC-SHA-384, and HMAC-SHA-512 so SCRAM should be doable.

Original issue reported on code.google.com by jpmug...@suddenlink.net on 28 Dec 2009 at 2:19

GoogleCodeExporter commented 9 years ago

Original comment by jpmug...@suddenlink.net on 28 Dec 2009 at 2:20
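
The issue above notes that HMAC-SHA-2 is the building block SCRAM needs. As an added illustration (not Indy code and not from the issue), this Python sketch walks the SCRAM-SHA-256 proof computation on both sides using only HMAC, the hash, and XOR. The account values, nonces and function names are constructed for the example, and SASLprep and username escaping are assumed unnecessary for the ASCII inputs used.

```python
import base64
import hashlib
import hmac

# Constructed sample values (not from the issue); real salts and nonces are random.
USER, PASSWORD = "alice", "correct horse battery"
SALT, ITERATIONS = b"constructed-salt", 4096
CLIENT_NONCE, SERVER_NONCE = "cnonce-constructed", "snonce-constructed"

def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def salted_password(password: str, salt: bytes, iterations: int) -> bytes:
    # SCRAM's Hi() is PBKDF2 with HMAC as the PRF and one hash-sized output block.
    # Assumption: ASCII password, so the SASLprep normalisation step is skipped.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def auth_message(user, client_nonce, server_nonce, salt, iterations) -> bytes:
    # client-first-bare, server-first, client-final-without-proof, comma-joined.
    # "biws" is base64("n,,") (no channel binding); assumes no ',' or '=' in user.
    nonce = client_nonce + server_nonce
    salt_b64 = base64.b64encode(salt).decode()
    return (f"n={user},r={client_nonce},r={nonce},s={salt_b64},"
            f"i={iterations},c=biws,r={nonce}").encode()

def server_record(password, salt, iterations):
    # What the server stores instead of the password: (StoredKey, ServerKey).
    sp = salted_password(password, salt, iterations)
    stored_key = hashlib.sha256(hmac_sha256(sp, b"Client Key")).digest()
    return stored_key, hmac_sha256(sp, b"Server Key")

def client_proof(password, salt, iterations, message) -> bytes:
    client_key = hmac_sha256(salted_password(password, salt, iterations), b"Client Key")
    signature = hmac_sha256(hashlib.sha256(client_key).digest(), message)
    return xor(client_key, signature)  # sent base64-encoded as p=...

def server_verify(stored_key, proof, message) -> bool:
    # Recover ClientKey from the proof and check that it hashes to StoredKey.
    client_key = xor(proof, hmac_sha256(stored_key, message))
    return hmac.compare_digest(hashlib.sha256(client_key).digest(), stored_key)

def handshake(typed_password: str) -> bool:
    # Runs both sides in-process for the constructed account above.
    message = auth_message(USER, CLIENT_NONCE, SERVER_NONCE, SALT, ITERATIONS)
    stored_key, _server_key = server_record(PASSWORD, SALT, ITERATIONS)
    return server_verify(stored_key, client_proof(typed_password, SALT, ITERATIONS, message), message)
```

Because the proof is bound to the full message including both nonces, a proof captured from one exchange does not verify in another, and the server never needs the plaintext password.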