ejabberd development: EJAB-1196

New SASL authentication method: SCRAM-SHA-1

As suggested by Sebastiaan Deckers, from Pandion.

Advantages of this authentication method:

• The MD5 algorithm is weak and SHA-1 is better (still not great, but better).
• SCRAM allows storing hashed passwords on the server, while DIGEST requires storing plaintext. This is often a security requirement.
• SCRAM has i18n using stringprep. DIGEST authentication doesn't have that, so there are all kinds of problems with Unicode characters.

The patch is tested and works with:

• Gajim hg: PLAIN and its simple SCRAM-SHA-1 (ServerSignature is verified since 0.15)
• Pandion 2.6.106: PLAIN and SCRAM-SHA-1 (doesn't verify ServerSignature)
• Swift 1.0: PLAIN and SCRAM-SHA-1
• Tkabber SVN: PLAIN

Other clients are supposed to support SCRAM, but I couldn't test them: Empathy, Pidgin (since 2.6.6), Psi (not integrated into git yet, announcement), SoapBox (proprietary).
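To make the two claims above concrete (the server keeps only salted, iterated hashes, and a client that checks the ServerSignature can detect a server that does not hold the credential), here is an added example of one full SCRAM-SHA-1 exchange as specified in RFC 5802. It is illustrative Python, not ejabberd's Erlang implementation from this patch and not any client's code. Assumptions: Normalize() is simplified to NFKC (a real implementation applies the full SASLprep profile, RFC 4013), only the "n,," no-channel-binding header is handled, and usernames are not escaped. The `run_exchange` driver and the `e=invalid-proof` reply string are this example's own conventions; the test vector under `__main__` is the one printed in RFC 5802 section 5.

```python
import base64
import hashlib
import hmac
import os
import unicodedata

# Added example (not ejabberd's code): a minimal RFC 5802 SCRAM-SHA-1 exchange.
# Normalize() is simplified to NFKC here instead of the full SASLprep profile.


def b64(data):
    if isinstance(data, str):
        data = data.encode("utf-8")
    return base64.b64encode(data).decode("ascii")


def parse_attrs(message):
    # SCRAM messages are comma-separated name=value pairs; base64 values never
    # contain commas, and a value may itself contain '=' (base64 padding).
    return dict(item.split("=", 1) for item in message.split(","))


def normalize(password):
    return unicodedata.normalize("NFKC", password).encode("utf-8")  # simplified SASLprep


def hi(password, salt, iterations):
    # Hi() of RFC 5802 is PBKDF2 with HMAC-SHA-1 and a 20-byte output.
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def make_credential(password, salt=None, iterations=4096):
    """The record the server stores instead of the plaintext password."""
    salt = salt if salt is not None else os.urandom(16)
    salted = hi(normalize(password), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
    return {"salt": salt, "iterations": iterations,
            "stored_key": hashlib.sha1(client_key).digest(), "server_key": server_key}


class ScramClient:
    def __init__(self, username, password, client_nonce=None):
        self.username, self.password = username, password
        self.cnonce = client_nonce or b64(os.urandom(18))
        self.expected_server_signature = None

    def first_message(self):
        self.client_first_bare = f"n={self.username},r={self.cnonce}"
        return "n,," + self.client_first_bare  # "n,," = no channel binding

    def final_message(self, server_first):
        attrs = parse_attrs(server_first)
        nonce = attrs["r"]
        if not nonce.startswith(self.cnonce):
            raise ValueError("server nonce does not extend ours (replay or tampering)")
        salt, iterations = base64.b64decode(attrs["s"]), int(attrs["i"])
        salted = hi(normalize(self.password), salt, iterations)
        client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
        stored_key = hashlib.sha1(client_key).digest()
        without_proof = f"c={b64('n,,')},r={nonce}"
        auth_message = f"{self.client_first_bare},{server_first},{without_proof}".encode()
        client_signature = hmac.new(stored_key, auth_message, hashlib.sha1).digest()
        proof = xor_bytes(client_key, client_signature)  # never reveals ClientKey
        server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
        self.expected_server_signature = hmac.new(server_key, auth_message, hashlib.sha1).digest()
        return f"{without_proof},p={b64(proof)}"

    def verify_server_final(self, server_final):
        # The step Pandion skips: a server without the real ServerKey cannot pass this.
        attrs = parse_attrs(server_final)
        if "v" not in attrs:
            return False
        return hmac.compare_digest(base64.b64decode(attrs["v"]), self.expected_server_signature)


class ScramServer:
    def __init__(self, credentials, server_nonce=None):
        self.credentials = credentials  # username -> make_credential() record
        self.snonce = server_nonce or b64(os.urandom(18))

    def first_message(self, client_first):
        if not client_first.startswith("n,,"):
            raise ValueError("only the no-channel-binding GS2 header is handled here")
        self.client_first_bare = client_first[3:]
        attrs = parse_attrs(self.client_first_bare)
        self.record = self.credentials[attrs["n"]]  # unknown user raises KeyError here
        self.nonce = attrs["r"] + self.snonce
        self.server_first = f"r={self.nonce},s={b64(self.record['salt'])},i={self.record['iterations']}"
        return self.server_first

    def final_message(self, client_final):
        attrs = parse_attrs(client_final)
        if attrs["r"] != self.nonce:
            raise ValueError("nonce mismatch")
        without_proof = client_final.rsplit(",p=", 1)[0]
        auth_message = f"{self.client_first_bare},{self.server_first},{without_proof}".encode()
        client_signature = hmac.new(self.record["stored_key"], auth_message, hashlib.sha1).digest()
        client_key = xor_bytes(base64.b64decode(attrs["p"]), client_signature)
        if not hmac.compare_digest(hashlib.sha1(client_key).digest(), self.record["stored_key"]):
            return "e=invalid-proof"
        server_signature = hmac.new(self.record["server_key"], auth_message, hashlib.sha1).digest()
        return "v=" + b64(server_signature)


def run_exchange(username, password, credentials, client_nonce=None, server_nonce=None):
    """Drive one exchange; returns the four messages and the client's verdict on the server."""
    client, server = ScramClient(username, password, client_nonce), ScramServer(credentials, server_nonce)
    client_first = client.first_message()
    server_first = server.first_message(client_first)
    client_final = client.final_message(server_first)
    server_final = server.final_message(client_final)
    return client_first, server_first, client_final, server_final, client.verify_server_final(server_final)


if __name__ == "__main__":
    # RFC 5802 section 5 test vector: user "user", password "pencil", fixed nonces and salt.
    creds = {"user": make_credential("pencil", bytes.fromhex("4125c247e43ab1e93c6dff76"), 4096)}
    for line in run_exchange("user", "pencil", creds, "fyko+d2lbbFgONRv9qkxdawL", "3rfcNHYJY1ZVvWVs7j"):
        print(line)
```

Run as a script, the four printed lines should match the messages in RFC 5802 section 5; a wrong password makes the server answer `e=invalid-proof`, and a forged `v=` value makes `verify_server_final` return `False`. Note that the stored record still has to be protected: with `stored_key` and `server_key` an attacker can impersonate the server, and an offline guess against the salted PBKDF2 value is only as slow as the iteration count makes it.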

      Related links:
