Tcl Library Source Code

View Ticket
Login
Ticket UUID: 1cc32b469555cc025a4cae3d181d5c6270c90073
Title: Support SCRAM-SHA-1 and perhaps generic SCRAM
Type: RFE Version: 1.3
Submitter: anonymous Created on: 2015-01-13 12:31:51
Subsystem: sasl Assigned To:
Priority: 5 Medium Severity: Minor
Status: Closed Last Modified: 2015-01-15 19:31:28
Resolution: Out of Date Closed By: aku
    Closed on: 2015-01-15 19:31:28
Description:

Please implement SCRAM in the SASL module. It implements challenge-response authentication and improves upon the CRAM-MD5 and DIGEST-MD5 methods. It can use an arbitrary hash function, although currently only SHA-1 seems to be widely supported (but since SHA-1 is broken, it might be a good idea to implement SCRAM-SHA-256 at the same time, or perhaps add a parameter through which the hash function can be selected).

It is defined in RFC 5802. Appendices A and B of the RFC explain in detail how it improves upon the previous methods.

User Comments: aku added on 2015-01-15 19:31:28:
I can confirm via

    grep -rn SCRAM modules/

from the main source directory of Tcllib.

anonymous added on 2015-01-15 10:41:18:
The SCRAM SASL mechanism is already implemented and is shipped with Tcllib 1.16.