-
Notifications
You must be signed in to change notification settings - Fork 176
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement SCRAM-SHA-256 #175
Comments
This implementation is officially endorsed by Mongo (heh heh): https://github.com/xdg-go/scram |
I've decided this isn't a priority for me, but I'm leaving the "help wanted" tag up because I'm definitely interested in outside PRs that add this. |
Considering how recent Charybdis/fork+Atheme support this mechanism, this may be a offered mechanism downgrade for networks migrating to Ergo. I think e.g. WeeChat lets you specify only one mechanism to be used for SASL authentication instead of preferred mechanism list and it recently added support for this. Another argument for supporting the mechanism is that Ergo is leading in all other IRCv3 implementation and testing SCRAM has to be done separately somewhere else. |
I like this point! I have been avoiding this because it is somewhat difficult to implement: it's not just a matter of adding the algorithm, we also have to bump the CredentialsVersion and handle re-hashing passwords as users log back in: Lines 1894 to 1902 in 97d1786
since a bcrypt hash is not enough to support this mechanism, we need to obtain the plaintext password (temporarily) and hash it with PBKDF2. |
I have seen SASL SCRAM also been suggested as a mitigation towards not leaking plaintext password to a typosquatting network recently. |
https://github.com/xdg-go/scram adds about a megabyte to the binary size on linux/amd64, mostly due to this: https://github.com/xdg-go/stringprep It's unclear whether we can get away with commenting out the uses of
which would seemingly apply to both usernames and passwords. |
Proposal:
|
I am not sure on this point as it seems very anglocentric and I think it's in clash with
from #1718 (comment). |
From discussion, we're going to reimplement stringprep, relying on PRECIS to enforce most of the constraints. If an account name passes PRECIS, only a few more steps should be necessary:
PRECIS doesn't apply to passwords, but we can probably just get away with violating the spec for the (hopefully small and atypical) set of Unicode passphrases that don't pass bidi or similar. |
This is something I wanna do as per https://tools.ietf.org/html/rfc7677 and it being recommended by IRCv3. Keep in mind ircv3/ircv3-specifications#326
The text was updated successfully, but these errors were encountered: