Next: , Previous: DIGEST-MD5, Up: Mechanisms

5.7 The SCRAM-SHA-1 mechanism

The SCRAM-SHA-1 mechanism is designed to provide (almost) the same capabilities as CRAM-MD5 and DIGEST-MD5 but use modern cryptographic techniques such as HMAC-SHA-1 hashing and PKCS#5 PBKDF2 key derivation. SCRAM-SHA-1 supports authorization identities. Like CRAM-MD5 and DIGEST-MD5, only a hashed password is transferred. Consequently, SCRAM-SHA-1 needs access to the correct password to verify the client response.

In the client, this mechanism is always enabled, and it requires the GSASL_AUTHID property, and either GSASL_PASSWORD or GSASL_SCRAM_SALTED_PASSWORD. If set, GSASL_AUTHZID will be used by the client. To be able to return the proper GSASL_SCRAM_SALTED_PASSWORD value, the client needs to check the GSASL_SCRAM_ITER and GSASL_SCRAM_SALT values which are available when the GSASL_SCRAM_SALTED_PASSWORD property is queried for.

In the server, the mechanism will require the GSASL_PASSWORD callback property, which may use the GSASL_AUTHID property to determine which users' password should be used. The GSASL_AUTHID will be in normalized form. The server will then normalize the returned password, and compare the client response with the computed correct response, and accept the user accordingly. The server may also set the GSASL_SCRAM_ITER and GSASL_SCRAM_SALT properties to influence the values to be used by clients to derive a key from a password.

Currently channel bindings are not supported, so there is no support for SCRAM-SHA-1-PLUS.