SCRAM-SHA-256(-PLUS) supports

[Neustradamus]

"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".

After SCRAM-SHA-1(-PLUS):

• RFC5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms: https://tools.ietf.org/html/rfc5802
• RFC6120: Extensible Messaging and Presence Protocol (XMPP): Core: https://tools.ietf.org/html/rfc6120

There is SCRAM-SHA-256(-PLUS):

• RFC7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Security Layer (SASL) Mechanisms: https://tools.ietf.org/html/rfc7677 - since 2015-11-02
• RFC8600: Using Extensible Messaging and Presence Protocol (XMPP) for Security Information Exchange: https://tools.ietf.org/html/rfc8600 - since 2019-06-21: https://mailarchive.ietf.org/arch/msg/ietf-announce/suJMmeMhuAOmGn_PJYgX5Vm8lNA

SCRAM-SHA-512(-PLUS):

• https://tools.ietf.org/html/draft-melnikov-scram-sha-512

SCRAM-SHA3-512(-PLUS):

• https://tools.ietf.org/html/draft-melnikov-scram-sha3-512

https://xmpp.org/extensions/inbox/hash-recommendations.html

-PLUS variants:

• RFC5056: On the Use of Channel Bindings to Secure Channels: https://tools.ietf.org/html/rfc5056
• RFC5929: Channel Bindings for TLS: https://tools.ietf.org/html/rfc5929
• Channel-Binding Types: https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml

LDAP:

• RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets: https://tools.ietf.org/html/rfc5803

HTTP:

• RFC7804: Salted Challenge Response HTTP Authentication Mechanism: https://tools.ietf.org/html/rfc7804

2FA:

• Extensions to Salted Challenge Response (SCRAM) for 2 factor authentication: https://tools.ietf.org/html/draft-melnikov-scram-2fa

IANA:

• Simple Authentication and Security Layer (SASL) Mechanisms: https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml

Linked to:

• https://github.com/ubiety/Ubiety.Scram.Core
• State of Play scram-sasl/info#1

[github-actions]

Welcome, thank you for supporting Ubiety.Xmpp.Core by helping make it better.

[coder2000]

Implemented in upcoming release supporting .NET 5.

[Neustradamus]

@coder2000: Thanks for your reply!

I have added a new ticket for:

• SCRAM-SHA-512(-PLUS)
• SCRAM-SHA3-512(-PLUS)

Here: #16

[Neustradamus]

Hello @coder2000, the .NET 5 has been released, have you progressed on it?

[coder2000]

I haven't made an official nuget release but development or the binding feature branch are setup to use .NET 9. Let me know if you have any further questions. Apologies for the delay in response.

[Neustradamus]

@coder2000: Thanks for your message, it is never too late :)
Good to see that the development is always here!

What have you already added?

What SCRAM supports and Channel Binding for TLS 1.2 and TLS 1.3?

• tls-unique for TLS =< 1.2
• tls-server-end-point =< 1.2 + 1.3
• tls-exporter for TLS = 1.3

Thanks in advance.