[jdev] Password Hashing mechanisms

Kurt Zeilenga kurt.zeilenga at isode.com
Fri Oct 25 15:02:03 UTC 2013


On Oct 25, 2013, at 5:56 AM, Harisankar P S <mailme at hsps.in> wrote:

> @peter @kevin thank you very much for the links. 
> 
> It seems SCRAM is the only one missing from xmpp4r as per the MTI http://xmpp.org/rfcs/rfc6120.html#security-mti. Will implement that first. 

Note that there are two SCRAM mechanisms that ought to be implemented at the same time, SCRAM-SHA-1 and SCRAM-SHA-1-PLUS, the latter providing secure channel bindings to TLS. The latter requires more work but, from a security perspective, is well worth it.

-- Kurt

> 
> 
> On Fri, Oct 25, 2013 at 6:19 PM, Peter Saint-Andre <stpeter at stpeter.im> wrote:
> 
> On 10/25/13 6:43 AM, Harisankar P S wrote:
> > Hi there,
> >
> > I am updating a Ruby library that deals with XMPP. It's called
> > xmpp4r (http://xmpp4r.github.io). I was looking into the auth
> > method of the library, and it had three mechanisms at present:
> > DIGEST-MD5, PLAIN and anonymous. But working with Prosody I saw
> > that there is a mechanism called SCRAM-SHA-1.
> >
> > I was wondering, in which standard documentation can I find the
> > list of authentication mechanisms an XMPP server should have.
> 
> http://xmpp.org/rfcs/rfc6120.html#security-mti
> 
> Peter
> 
> - --
> Peter Saint-Andre
> https://stpeter.im/
> 
> 
> _______________________________________________
> JDev mailing list
> Info: http://mail.jabber.org/mailman/listinfo/jdev
> Unsubscribe: JDev-unsubscribe at jabber.org
> _______________________________________________
> 
> 
> 
> -- 
> Harisankar P S
> https://twitter.com/coder_hsps | http://tech.hsps.in

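
The difference between SCRAM-SHA-1 and SCRAM-SHA-1-PLUS that Kurt points out in the message above is in the client-final message: the `c=` attribute carries the GS2 header plus, for -PLUS, the TLS channel-binding data, and it is covered by the proof. The Ruby sketch below is an added example, not code from xmpp4r or from anyone in this thread; the module and method names are hypothetical, the sample exchange is the RFC 5802 section 5 example, and username SASLprep and escaping are assumed to be handled by the caller.

```ruby
require 'openssl'
require 'base64'

# Added illustration; module and method names are hypothetical, not xmpp4r API.
module ScramSha1
  module_function

  def hmac(key, data)
    OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key, data)
  end

  # "r=...,s=...,i=..." -> {"r"=>..., "s"=>..., "i"=>...}
  def attrs(msg)
    msg.split(',').map { |kv| kv.split('=', 2) }.to_h
  end

  # gs2_header is "n,," for SCRAM-SHA-1 without binding, "y,," when the client
  # supports binding but the server did not offer -PLUS, and "p=tls-unique,,"
  # for SCRAM-SHA-1-PLUS, where cb_data is the TLS channel-binding value.
  def client_final(password:, client_first_bare:, server_first:,
                   gs2_header: 'n,,', cb_data: '')
    srv = attrs(server_first)
    cnonce = attrs(client_first_bare).fetch('r')
    nonce = srv.fetch('r')
    unless nonce.start_with?(cnonce) && nonce.length > cnonce.length
      raise ArgumentError, 'server nonce does not extend the client nonce'
    end
    salted = OpenSSL::PKCS5.pbkdf2_hmac_sha1(
      password, Base64.strict_decode64(srv.fetch('s')), Integer(srv.fetch('i')), 20
    )
    client_key = hmac(salted, 'Client Key')
    stored_key = OpenSSL::Digest.new('SHA1').digest(client_key)
    # The proof covers c=, so a different TLS channel yields a different proof.
    without_proof = "c=#{Base64.strict_encode64(gs2_header + cb_data)},r=#{nonce}"
    auth_message = [client_first_bare, server_first, without_proof].join(',')
    signature = hmac(stored_key, auth_message)
    proof = client_key.bytes.zip(signature.bytes).map { |a, b| a ^ b }.pack('C*')
    server_sig = hmac(hmac(salted, 'Server Key'), auth_message)
    { message: "#{without_proof},p=#{Base64.strict_encode64(proof)}",
      server_signature: Base64.strict_encode64(server_sig) }
  end
end

# RFC 5802 section 5 example exchange (user "user", password "pencil").
RFC_EXAMPLE = ScramSha1.client_final(
  password: 'pencil',
  client_first_bare: 'n=user,r=fyko+d2lbbFgONRv9qkxdawL',
  server_first: 'r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096'
)
puts RFC_EXAMPLE[:message]
```

The client must compare `server_signature` with the `v=` value in the server-final message before treating the session as authenticated, and the GS2 header passed here must be the same one sent at the start of the client-first message.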