Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement XEP-0480: SASL Upgrade Tasks #80

Open
tmolitor-stud-tu opened this issue Dec 14, 2023 · 2 comments
Open

Implement XEP-0480: SASL Upgrade Tasks #80

tmolitor-stud-tu opened this issue Dec 14, 2023 · 2 comments

Comments

@tmolitor-stud-tu
Copy link

This is the last missing piece for modern SASL2 authentication: XEP-0480: SASL Upgrade Tasks is needed to make sure clients can update the old SHA-1 password hashes to more secure alternatives like SHA-256.

This isn't as urgent as the other SASL2 related stuff you just implemented, but needed to make sure we can transition from SHA-1 to something more secure before SCRAM-SHA-1 becomes insecure.
This transition will take quite some time, so it is good to start early with this.

I promise this is the last SASL-related implementation request I'm doing ;)

BTW: This XEP was originally developed inside the main SASL2 XEP (XEP-0388) but later factored out to not create another of these large XEPs like MUC or PubSub.
@tmolitor-stud-tu
Copy link
Author

tmolitor-stud-tu commented Dec 14, 2023
edited

Side note: I've wrote a blog post about modern SASL authentication that more or less led to all of these SASL2 related XEPs over here: https://monal-im.org/post/00004-sasl/

@Neustradamus
Copy link

Important too :)

@Neustradamus Neustradamus mentioned this issue Dec 23, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Neustradamus @tmolitor-stud-tu