-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
State of Play #1
Comments
This was referenced Jul 15, 2019
Closed
This was referenced Aug 21, 2019
This was referenced Sep 3, 2019
SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) + SCRAM-SHA-512(-PLUS) supports
miranda-ng/miranda-ng#1727
Closed
4 tasks
This was referenced Sep 4, 2019
This was referenced Feb 10, 2024
This was referenced Mar 30, 2024
This was referenced May 22, 2024
This was referenced Jun 20, 2024
This was referenced Sep 11, 2024
Good |
Based on go-gomail/gomail#198 (the project is not maintained anymore), I've created wneessen/go-mail#242 for the go-mail project. The PR is currently in review and expected to be merged into main during this week. |
This was referenced Oct 2, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Welcome, this page informs you about the security, all SCRAM variants and Channel Binding (-PLUS variants) too.
Important history:
CRAM-MD5 to Historic:
RFC6331: Moving DIGEST-MD5 to Historic:
RFC8600: https://tools.ietf.org/html/rfc8600 (2019-06-21): https://mailarchive.ietf.org/arch/msg/ietf-announce/suJMmeMhuAOmGn_PJYgX5Vm8lNA
When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802].
But in "Best practices for password hashing and storage" expired I-D:
About Channel Binding (for -PLUS variants):
Some important XEPs:
Little details, to know easily:
After the jabber.ru MITM, Channel Binding is the solution:
SCRAM-SHA-1(-PLUS):
SCRAM-SHA-256(-PLUS):
SCRAM-SHA-512(-PLUS):
SCRAM-SHA3-512(-PLUS):
SCRAM BIS: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms:
IMAP:
LDAP:
HTTP:
JMAP:
2FA:
IANA:
SASL2:
Article: Convert old unsecured MD5 passwords to SCRAM-SHA-256 with PostgreSQL: https://info.crunchydata.com/blog/how-to-upgrade-postgresql-passwords-to-scram
Since PostgreSQL 10, MD5 -> SCRAM-SHA-256:
SCRAM-SHA-256 has been added in PostgreSQL 10
SCRAM-SHA-256-PLUS variant (with TLS Binding) has been added in PostgreSQL 13
SCRAM-SHA-256 is selected by default in PostgreSQL 14
SCRAM-SHA-1(-PLUS) and SCRAM-SHA-256(-PLUS):
SCRAM-SHA-1 and SCRAM-SHA-256:
SCRAM-SHA-256(-PLUS):
SCRAM-SHA-256:
SCRAM-SHA-256 and SCRAM-SHA-512:
SCRAM-SHA-1, SCRAM-SHA-224, SCRAM-SHA-256, SCRAM-SHA-384, SCRAM-SHA-512 and SCRAM-SHA3-512:
SCRAM-SHA-1(-PLUS), SCRAM-SHA-224(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-384(-PLUS), SCRAM-SHA-512(-PLUS) and SCRAM-SHA3-512(-PLUS):
SCRAM-SHA-1, SCRAM-SHA-256, SCRAM-SHA-512 and SCRAM-SHA3-512:
SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-512(-PLUS) and SCRAM-SHA3-512(-PLUS):
SCRAM-SHA-1, SCRAM-SHA-256 and SCRAM-SHA-512:
The JVM core for Couchbase SDKs: https://github.com/couchbase/couchbase-jvm-core
SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS) and SCRAM-SHA-512(-PLUS):
SCRAM-SHA-1, SCRAM-SHA-256, SCRAM-SHA-384 and SCRAM-SHA-512:
SCRAM-SHA-1, SCRAM-SHA-224, SCRAM-SHA-256, SCRAM-SHA-384 and SCRAM-SHA-512:
SCRAM-SHA-1(-PLUS), SCRAM-SHA-224(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-384(-PLUS) and SCRAM-SHA-512(-PLUS):
SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-384(-PLUS) and SCRAM-SHA-512(-PLUS):
SCRAM-SHA-1, SCRAM-SHA-256(-PLUS) and SCRAM-SHA-512(-PLUS):
SCRAM-SHA-1(-PLUS):
SCRAM-SHA-1 and SCRAM-SHA-1-PLUS:
SCRAM-SHA-1:
NOTHING:
UNKNOWN:
The text was updated successfully, but these errors were encountered: