Ticket UUID: | 1cc32b469555cc025a4cae3d181d5c6270c90073 | |||
Title: | Support SCRAM-SHA-1 and perhaps generic SCRAM | |||
Type: | RFE | Version: | 1.3 | |
Submitter: | anonymous | Created on: | 2015-01-13 12:31:51 | |
Subsystem: | sasl | Assigned To: | ||
Priority: | 5 Medium | Severity: | Minor | |
Status: | Closed | Last Modified: | 2015-01-15 19:31:28 | |
Resolution: | Out of Date | Closed By: | aku | |
Closed on: | 2015-01-15 19:31:28 | |||
Description: |
Please implement SCRAM in the SASL module. It implements challenge-response authentication and improves upon the CRAM-MD5 and DIGEST-MD5 methods. It can use an arbitrary hash function, although currently only SHA-1 seems to be widely supported (but since SHA-1 is broken, it might be a good idea to implement SCRAM-SHA-256 at the same time, or perhaps add a parameter through which the hash function can be selected). It is defined in RFC 5802. Appendices A and B of the RFC explain in detail how it improves upon the previous methods. | |||
User Comments: |
aku added on 2015-01-15 19:31:28:
I can confirm via grep -rn SCRAM modules/ from the main source directory of Tcllib. anonymous added on 2015-01-15 10:41:18: The SCRAM SASL mechanism is already implemented and is shipped with Tcllib 1.16. |