Details

      Description

      As suggested by Sebastiaan Deckers, from Pandion.

      Advantages of this authentication method:

      • The MD5 algorithm is weak and SHA-1 is better (still not great, but better).
      • SCRAM allows storing hashed passwords on the server, while Digest requires storing plaintext. This is often a security requirement.
      • SCRAM has i18n using stringprep. Digest authentication doesn't have that, so there are all kinds of problems with Unicode chars.

      Patch is tested and works with:

      • Gajim hg: PLAIN and its simple SCRAM-SHA-1 (ServerSignature is verified since 0.15: http://trac.gajim.org/ticket/6940)
      • Pandion 2.6.106: PLAIN and SCRAM-SHA-1 (doesn't verify ServerSignature)
      • Swift 1.0: PLAIN and SCRAM-SHA-1
      • Tkabber SVN: PLAIN

      Other clients are supposed to support SCRAM, but I couldn't test them: Empathy, Pidgin (since 2.6.6), Psi (not integrated into git yet; announcement: http://ayena.de/sleep_tight_password_safe), SoapBox (proprietary).

      Related links:

      • The protocol: Salted Challenge Response (SCRAM) SASL and GSS-API Mechanism, http://tools.ietf.org/html/draft-ietf-sasl-scram-11
      • Overview of the protocol: Scram DIGEST-MD5!, http://ayena.de/scram-digest-md5

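The mechanism the bullets above argue for, as an added worked example (not code from this issue, from ejabberd, or from any of the patches attached to it): one complete SCRAM-SHA-1 exchange per the linked draft, showing what the server actually stores instead of a plaintext password and how a client checks the ServerSignature that some of the tested clients skip. The user name, password and salt are constructed; the two nonces are the ones used in the RFC 5802 worked example.

```python
import base64
import hashlib
import hmac
import os

# SCRAM-SHA-1 building blocks from RFC 5802 (the draft-ietf-sasl-scram the issue links to).
def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def derive_keys(password: str, salt: bytes, iterations: int) -> tuple:
    # Hi(password, salt, i) is PBKDF2-HMAC-SHA-1; returns (ClientKey, StoredKey, ServerKey).
    salted = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations, 20)
    client_key = hmac_sha1(salted, b"Client Key")
    return client_key, hashlib.sha1(client_key).digest(), hmac_sha1(salted, b"Server Key")

def enroll(password: str, iterations: int = 4096) -> dict:
    # The server keeps only salt, iteration count, StoredKey and ServerKey; the
    # plaintext password is never stored (the second bullet of the description).
    salt = os.urandom(16)
    _, stored_key, server_key = derive_keys(password, salt, iterations)
    return {"salt": salt, "i": iterations, "stored_key": stored_key, "server_key": server_key}

def scram_exchange(cred: dict, client_password: str) -> tuple:
    """Run the four-message flow; return (server accepted client, client verified server)."""
    # Nonces are constructed constants so the run is deterministic (real ones are random).
    c_nonce, s_nonce = "fyko+d2lbbFgONRv9qkxdawL", "3rfcNHYJY1ZVvWVs7j"
    client_first_bare = f"n=user,r={c_nonce}"
    salt_b64 = base64.b64encode(cred["salt"]).decode()
    server_first = f"r={c_nonce}{s_nonce},s={salt_b64},i={cred['i']}"
    client_final_bare = f"c=biws,r={c_nonce}{s_nonce}"  # c=biws is base64 of "n,,"
    auth_message = f"{client_first_bare},{server_first},{client_final_bare}".encode()

    # Client: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage), sent as p=<base64>.
    c_client_key, c_stored_key, c_server_key = derive_keys(client_password, cred["salt"], cred["i"])
    proof = xor(c_client_key, hmac_sha1(c_stored_key, auth_message))

    # Server: recover ClientKey from the proof and check H(ClientKey) == StoredKey.
    recovered = xor(proof, hmac_sha1(cred["stored_key"], auth_message))
    if not hmac.compare_digest(hashlib.sha1(recovered).digest(), cred["stored_key"]):
        return False, False  # server answers e=invalid-proof and sends no ServerSignature

    # Server: ServerSignature = HMAC(ServerKey, AuthMessage), sent as v=<base64>. A client
    # that skips this check (Pandion above) cannot tell a genuine server from an impostor.
    server_sig = hmac_sha1(cred["server_key"], auth_message)
    return True, hmac.compare_digest(server_sig, hmac_sha1(c_server_key, auth_message))
```

A stolen credential record lets an attacker impersonate the server (it holds ServerKey) but not log in as the user, because the proof needs ClientKey, which StoredKey = H(ClientKey) does not reveal.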

          Activity

          mremond@process-one.net Mickaël Rémond created issue -
          stephen Stephen Röttger made changes -
          Attachment: ejabberd-2.1.0-scram.patch [18643]
          badlop Badlop made changes -
          Assignee: Badlop [badlop]
          badlop Badlop made changes -
          Status: Open [1] -> In Progress [3]
          badlop Badlop made changes -
          Attachment: ejabberd-2.1.0-scram-part2.patch [18650]
          badlop Badlop made changes -
          Status: In Progress [3] -> Open [1]
          badlop Badlop made changes -
          Attachment: ejabberd-2.1.0-scram-part2.patch [18661]
          badlop Badlop made changes -
          Status: Open [1] -> Resolved [5]
          Fix Version/s: ejabberd 2.1.9 [10796]
          Fix Version/s: ejabberd 3.0.0-beta-1 [10660]
          Resolution: Fixed [1]
          cromain@process-one.net Christophe Romain made changes -
          Status: Resolved [5] -> Closed [6]
          mremond@process-one.net Mickaël Rémond made changes -
          Workflow: development v3 [71348] -> Development v4 [81362]
          badlop Badlop made changes -
          Link: This issue is split to EJAB-1598 [EJAB-1598]