SCRAM-SHA1 Authentication Added

Tigase XMPP Server now offers the added security of SCRAM or Salted Challenge Response Authentication Mechanism using the SHA-1 hashing algorithm. This method of authentication allows for a more secure exchange of passwords since they can now be encrypted. Not only this, but the mechanism also provides for protection of a man-in-the-middle attack on Tigase XMPP Servers.

Securing a password is a basic must do for IT security, however some login methods transmit usernames and passwords in plaintext, which can be intercepted over the line. SCRAM addresses this by using a SHA-1 hash to encrypt the password being sent. The basic process works like this: The username is sent in plaintext to the server from the client. The server responds by sending a salt to the client, which is a random sequence of 8-bit bytes. The client then hashes the salt and the password and sends that encrypted message to the server. The server then rehashes what the client sent using a different encryption variation and that is sent back to the client. Now both client and server have not only exchanged passwords, but have verified that both parties have the proper username and password.

As you can see, it makes it very difficult for any third party to be able to intercept communications and decrypt information without prior knowledge of both username and passwords. This feature is now available in the nightly build of Tigase XMPP Server, and will be available with v7.1.0. It is also enabled by default to compatible clients can use this mechanism.

Get in touch

We provide software products, consulting and custom development services

Tigase, Inc.
100 Pine Street, Suite 1250
San Francisco, CA 94111, USA
Phone: (415) 315 9771

Follow us on:

Twitter

  • Tigase Messenger for iOS has been updated to v1.1 so we made a little video to celebrate! Get it here:… https://t.co/p7rJI8KhMQ 10 hours 1 min ago
  • Tigase Messenger for iOS Beta version has received an update to v1.1. Visit https://t.co/SjCptS1ZYS for patch notes. 1 week 4 days ago
Back to Top