SCRAM-SHA-1-PLUS + SCRAM-SHA-256-PLUS + SCRAM-SHA-512-PLUS + SCRAM-SHA3-512(-PLUS) supports about go-xmpp HOT 18 CLOSED

@mattn: Any news?

from go-xmpp.

@mattn: If you need help, please look other libs/softs which support all other SCRAM-SHA-1(-PLUS) and SCRAM-SHA-2(-PLUS) family (224/256/384/512) in more than unsecure MD5.

It is really an important request for security.

• https://github.com/mattn/go-xmpp/blob/master/xmpp.go#L15

from go-xmpp.

I'm not familier to the SCRAM-SHA-1(-PLUS) and SCRAM-SHA-2(-PLUS) but should I change hash strong algorism (ex sha256/sha512) ?

from go-xmpp.

I'm not familier to the SCRAM-SHA-1(-PLUS) and SCRAM-SHA-2(-PLUS) but should I change hash strong algorism (ex sha256/sha512) ?

No, the SHA1 is used in an HMAC and is still safe from the various SHA1 attacks that have been publicized recently.

from go-xmpp.

@mattn: Look the SCRAM RFC, it is a better security.

Originaly (first RFC) there were only:

• SCRAM-SHA-1
• SCRAM-SHA-1-PLUS (normal with TLS binding in more)

The second RFC added:

• SCRAM-SHA-256
• SCRAM-SHA-256-PLUS

And a lot of libs/softs have all SCRAM-SHA-2 family support:

• SCRAM-SHA-224
• SCRAM-SHA-224-PLUS
• SCRAM-SHA-256
• SCRAM-SHA-256-PLUS
• SCRAM-SHA-384
• SCRAM-SHA-384-PLUS
• SCRAM-SHA-512
• SCRAM-SHA-512-PLUS

You can see more info, a list: scram-sasl/info#1

For example (not only one):

• Jackal: An XMPP server written in Go (Golang)

@SamWhited: There is no SHA-1 support in this project ;)
Adding all SCRAM in a one time is the best solution to do not used the unsecured MD5.

from go-xmpp.

Look the SCRAM RFC, it is a better security.

@Neustradamus I think we've had this discussion before, but I'll say it again for the benefit of this thread: it is dangerous to make these sorts of assumptions without understanding the underlying crypto. SCRAM-SHA-1 is still safe and there is no reason to raise alarm.

Furthermore, the other variants you list (other than SHA1 and SHA-256) are not real variants in the SCRAM family, they have never been vetted by the IETF and never been standardized and therefore should be avoided. Just because you can shove another hash function into the HMAC doesn't mean you should: bigger numbers aren't always better. To be clear: I don't see how using any of those hashes could cause any sort of security issue either, but they are not used by the community and are not standardized, if you try to make them up now and then the community standardizes on a version that makes other tweaks besides just changing the hash things will be broken. Please just follow the standard and let the IETF do their job.

Back to the difference between using SHA1 and SHA-256: there should be little to no practical difference in terms of security. Instead, we need to think about upgrade paths and what the community is using. Right now SHA-1 is recommended and widely deployed, SHA-256 is very rarely used and the upgrade path is non-existent because of the way SCRAM works. It may or may not be worth supporting, but let's not try to create security issues where none exist.

from go-xmpp.

@SamWhited: Have you looked here?

• https://github.com/mattn/go-xmpp/blob/master/xmpp.go#L15 (MD5 only)

from go-xmpp.

Yes, I am aware that this library is MD5 only. I'm not saying that we should avoid SCRAM-SHA-256, just that your assumption that it is better for security is wrong and should be avoided. If I have misunderstood what you were saying, I apologize. I think we're in general agreement that SCRAM should be supported :)

from go-xmpp.

Here, I have requested all SCRAM for have compatibility with all libs/softs and old products.

More and more projects have now a better SCRAM compatibility.
I thank all devs who have contributed.

The future has started ;)

from go-xmpp.

XMPP servers remove the old history unsecured MD5 support, any news on it?

from go-xmpp.

@mattn: Have you looked for adding SCRAM?

In more: It is official for TLS 1.3 Binding!

• RFC 9266: Channel Bindings for TLS 1.3: https://tools.ietf.org/html/rfc9266

Details:

• tls-unique for TLS =< 1.2
• tls-exporter for TLS = 1.3

Thanks to @SamWhited!

from go-xmpp.

Good news, go-xmpp supports now SCRAM-SHA-1/SCRAM-SHA-256/SCRAM-SHA-512, a contrib from @mdosch!
Thanks a lot!

Now, last parts are "-PLUS" variants and SCRAM-SHA3-512(-PLUS) to complete.

from go-xmpp.