monal-im
SCRAM-SHA-1 / SCRAM-SHA-256 / SCRAM-SHA-512 supports (without -PLUS variant)
"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".
SCRAM-SHA-1(-PLUS):
- https://tools.ietf.org/html/rfc5802
- https://tools.ietf.org/html/rfc6120
SCRAM-SHA-256(-PLUS):
- https://tools.ietf.org/html/rfc7677 since 2015-11-02
- https://tools.ietf.org/html/rfc8600 since 2019-06-21: https://mailarchive.ietf.org/arch/msg/ietf-announce/suJMmeMhuAOmGn_PJYgX5Vm8lNA
SCRAM-SHA-512(-PLUS):
- https://tools.ietf.org/html/draft-melnikov-scram-sha-512
SCRAM-SHA3-512(-PLUS):
- https://tools.ietf.org/html/draft-melnikov-scram-sha3-512
https://xmpp.org/extensions/inbox/hash-recommendations.html
Previous ticket included -PLUS variants has been closed:
- https://github.com/anurodhp/Monal/issues/161
It exists and managed by XMPP servers (look the last link):
- SCRAM-SHA-1: https://github.com/anurodhp/Monal/issues/37
- SCRAM-SHA-1-PLUS
- SCRAM-SHA-224
- SCRAM-SHA-224-PLUS
- SCRAM-SHA-256
- SCRAM-SHA-256-PLUS
- SCRAM-SHA-384
- SCRAM-SHA-384-PLUS
- SCRAM-SHA-512
- SCRAM-SHA-512-PLUS
Linked to:
- https://github.com/scram-xmpp/info/issues/1
@anurodhp may you comment on this? It was opened after I closed the other issue after @tmolitor-stud-tu comment.
XMPP servers remove the old history unsecured MD5 support, any news on it?
@anurodhp, @tmolitor-stud-tu, @Echolon: Can you reopen this ticket?
- https://github.com/anurodhp/Monal/issues/161
It is very an important missing feature, not minor.
Note, in more SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS), there are now:
SCRAM-SHA-512(-PLUS):
- https://tools.ietf.org/html/draft-melnikov-scram-sha-512
SCRAM-SHA3-512(-PLUS):
- https://tools.ietf.org/html/draft-melnikov-scram-sha3-512
implemented for SASL2 now (including the -PLUS variants for tls-server-end-point and tls-exporter channel-bindings)
