SCRAM-SHA-224(-PLUS) + SCRAM-SHA-384(-PLUS) + SCRAM-SHA-512(-PLUS) supports #9

Closed
Neustradamus opened this issue Nov 12, 2020 · 5 comments

Neustradamus commented Nov 12, 2020

Dear @ongres team,

After:

  • SCRAM-SHA-1
  • SCRAM-SHA-1-PLUS
  • SCRAM-SHA-256
  • SCRAM-SHA-256-PLUS

Can you add support for:

  • SCRAM-SHA-224
  • SCRAM-SHA-224-PLUS
  • SCRAM-SHA-384
  • SCRAM-SHA-384-PLUS
  • SCRAM-SHA-512
  • SCRAM-SHA-512-PLUS
  • SCRAM-SHA3-512
  • SCRAM-SHA3-512-PLUS

"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".

SCRAM-SHA-1(-PLUS):

SCRAM-SHA-256(-PLUS):

SCRAM-SHA-512(-PLUS):

SCRAM-SHA3-512(-PLUS):

https://xmpp.org/extensions/inbox/hash-recommendations.html

-PLUS variants:

LDAP:

  • RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets: https://tools.ietf.org/html/rfc5803

HTTP:

2FA:

IANA:

Linked to:

@Neustradamus
Author

Dear @ongres team,

Have you progressed on it?

A lot of projects and software use other SCRAM; you can see the list here:

There is a ticket here too from @rrva:

@jorsol
Collaborator

jorsol commented Mar 16, 2024

While it is technically possible and easy to add the SHA-224 and SHA-384 variants, they don't have an RFC published, not even as a draft, so they are not going to be added, as their use would be limited anyway.

For SHA3-512, sadly Java doesn't yet have support in SecretKeyFactory for PBKDF2WithHmacSHA3-512, maybe because it follows the algorithms from RFC 8018, and that RFC still doesn't have an update with the SHA3-* algorithm family, so it can't be added right now, but it could be considered in the future if there is more demand for this.

jshell> javax.crypto.SecretKeyFactory.getInstance("PBKDF2WithHmacSHA3-512");
|  Exception java.security.NoSuchAlgorithmException: PBKDF2WithHmacSHA3-512 SecretKeyFactory not available
|        at SecretKeyFactory.<init> (SecretKeyFactory.java:118)
|        at SecretKeyFactory.getInstance (SecretKeyFactory.java:164)
|        at (#3:1)

SHA-512 will be added in the next major version 3.0

@jorsol jorsol self-assigned this Mar 16, 2024
@jorsol jorsol added this to the SCRAM 3.0 milestone Mar 19, 2024
@jorsol jorsol closed this as completed Apr 3, 2024
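
An added example, not part of the thread and not ongres/scram code: a probe that reports, for each hash named in this issue, whether the running JDK offers the `PBKDF2WithHmac*` SecretKeyFactory, and cross-checks it against SCRAM's Hi() from RFC 5802 built directly on `Mac`. The class name `ScramKdfProbe` is hypothetical, and the password, salt and iteration count are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical class name; not part of the ongres/scram code base.
public class ScramKdfProbe {
    // JCA hash name suffixes and their digest sizes in bytes.
    static final String[] HASHES = {"SHA1", "SHA224", "SHA256", "SHA384", "SHA512", "SHA3-512"};
    static final int[] SIZES = {20, 28, 32, 48, 64, 64};

    // Hi() as defined in RFC 5802: PBKDF2 with HMAC and dkLen equal to the HMAC output length.
    static byte[] hi(String hmacAlg, byte[] password, byte[] salt, int iterations) throws Exception {
        Mac mac = Mac.getInstance(hmacAlg);
        mac.init(new SecretKeySpec(password, hmacAlg));
        mac.update(salt);
        byte[] u = mac.doFinal(new byte[] {0, 0, 0, 1}); // U1 = HMAC(password, salt || INT(1))
        byte[] out = u.clone();
        for (int i = 1; i < iterations; i++) {
            u = mac.doFinal(u);                          // Ui = HMAC(password, Ui-1)
            for (int j = 0; j < out.length; j++) out[j] ^= u[j];
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        String password = "pencil";                      // constructed sample values
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.UTF_8);
        int iterations = 4096;
        for (int k = 0; k < HASHES.length; k++) {
            byte[] viaFactory = null, viaMac = null;
            try {
                PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, SIZES[k] * 8);
                viaFactory = SecretKeyFactory.getInstance("PBKDF2WithHmac" + HASHES[k])
                        .generateSecret(spec).getEncoded();
            } catch (NoSuchAlgorithmException e) { /* no installed provider has this PBKDF2 */ }
            try {
                viaMac = hi("Hmac" + HASHES[k], password.getBytes(StandardCharsets.UTF_8), salt, iterations);
            } catch (NoSuchAlgorithmException e) { /* no installed provider has this HMAC */ }
            String agree = (viaFactory != null && viaMac != null)
                    ? String.valueOf(Arrays.equals(viaFactory, viaMac)) : "n/a";
            System.out.printf("%-9s SecretKeyFactory=%-5b Mac=%-5b agree=%s%n",
                    HASHES[k], viaFactory != null, viaMac != null, agree);
        }
    }
}
```

The output depends on the JDK version and the security providers installed, so run it on the runtime you deploy to.
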
@Neustradamus
Author

@jorsol: It has been solved?

@jorsol
Collaborator

jorsol commented Apr 3, 2024

@jorsol: It has been solved?

SHA3-512 variants are not present as mentioned in an earlier comment.

@Neustradamus
Author

@jorsol: Good job about 3.0!

Important to specify in the ticket where it has been added.

I will edit the title and create a new ticket for SCRAM-SHA3-512 and SCRAM-SHA3-512-PLUS for the future...

@Neustradamus Neustradamus changed the title SCRAM-SHA-224(-PLUS) + SCRAM-SHA-384(-PLUS) + SCRAM-SHA-512(-PLUS) + SCRAM-SHA3-512(-PLUS) supports SCRAM-SHA-224(-PLUS) + SCRAM-SHA-384(-PLUS) + SCRAM-SHA-512(-PLUS) supports Apr 3, 2024