As suggested by Sebastiaan Deckers, from Pandion.
Advantages of this authentication method:
- The MD5 algorithm is weak and SHA-1 is better (still not great, but better).
- SCRAM allows storing hashed passwords on the server, while Digest requires storing plaintext. This is often a security requirement.
- SCRAM has i18n using stringprep. Digest authentication doesn't have that, so there are all kinds of problems with Unicode characters.
Patch is tested and works with:
- Gajim hg: PLAIN and its simple SCRAM-SHA-1 (ServerSignature is verified since 0.15)
- Pandion 2.6.106: PLAIN and SCRAM-SHA-1 (doesn't verify ServerSignature)
- Swift 1.0: PLAIN and SCRAM-SHA-1
- Tkabber SVN: PLAIN
Other clients are supposed to support SCRAM, but I couldn't test them: Empathy, Pidgin (since 2.6.6), Psi (not integrated into git yet, announcement), SoapBox (proprietary).
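To make the two points above concrete (the server keeps only StoredKey/ServerKey, and the client checks the ServerSignature that Gajim verifies and Pandion skips), here is an added SCRAM-SHA-1 walk-through following RFC 5802; it is example code written for this note, not the patch itself. The salt and iteration count are taken from the RFC 5802 example exchange; the user, password and nonces passed in are constructed test inputs.

```python
import base64
import hashlib
import hmac


def derive_keys(password: str, salt: bytes, iterations: int) -> tuple:
    """RFC 5802 section 3: SaltedPassword -> ClientKey, StoredKey, ServerKey (SHA-1 variant)."""
    salted = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
    return client_key, hashlib.sha1(client_key).digest(), server_key


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def auth_message(user: str, cnonce: str, snonce: str, salt: bytes, iterations: int) -> bytes:
    """AuthMessage = client-first-bare , server-first , client-final-without-proof."""
    nonce = cnonce + snonce
    salt_b64 = base64.b64encode(salt).decode("ascii")
    # c=biws is base64("n,,"): the GS2 header with no channel binding
    return f"n={user},r={cnonce},r={nonce},s={salt_b64},i={iterations},c=biws,r={nonce}".encode()


def client_proof(password: str, salt: bytes, iterations: int, msg: bytes) -> bytes:
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage); sent as p=... by the client."""
    client_key, stored_key, _ = derive_keys(password, salt, iterations)
    return xor(client_key, hmac.new(stored_key, msg, hashlib.sha1).digest())


def server_verify(creds: dict, msg: bytes, proof: bytes) -> bool:
    """Server recovers ClientKey from the proof and checks H(ClientKey) == StoredKey."""
    client_key = xor(proof, hmac.new(creds["stored_key"], msg, hashlib.sha1).digest())
    return hmac.compare_digest(hashlib.sha1(client_key).digest(), creds["stored_key"])


def server_signature(creds: dict, msg: bytes) -> bytes:
    """ServerSignature = HMAC(ServerKey, AuthMessage); sent as v=... in server-final."""
    return hmac.new(creds["server_key"], msg, hashlib.sha1).digest()


def client_verify(password: str, salt: bytes, iterations: int, msg: bytes, sig: bytes) -> bool:
    """The check Gajim performs and Pandion skips: did the server really hold ServerKey?"""
    _, _, server_key = derive_keys(password, salt, iterations)
    return hmac.compare_digest(hmac.new(server_key, msg, hashlib.sha1).digest(), sig)


def run_exchange(user: str, password: str, attempt: str, cnonce: str, snonce: str) -> tuple:
    """Full exchange; the server holds only StoredKey/ServerKey. Returns (server_ok, client_ok)."""
    salt, iterations = base64.b64decode("QSXCR+Q6sek8bf92"), 4096  # RFC 5802 example values
    _, stored_key, server_key = derive_keys(password, salt, iterations)
    creds = {"stored_key": stored_key, "server_key": server_key}  # all the server keeps
    msg = auth_message(user, cnonce, snonce, salt, iterations)
    proof = client_proof(attempt, salt, iterations, msg)
    ok = server_verify(creds, msg, proof)
    sig = server_signature(creds, msg) if ok else b""
    return ok, client_verify(attempt, salt, iterations, msg, sig)
```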
- The protocol: Salted Challenge Response (SCRAM) SASL and GSS-API Mechanism
- Overview of the protocol: Scram DIGEST-MD5!