SCRAM-SHA1 Authentication Added

Tigase XMPP Server now offers SCRAM, the Salted Challenge Response Authentication Mechanism, using the SHA-1 hash function (SASL mechanism name SCRAM-SHA-1). With SCRAM the password itself is never sent to the server, neither in plain nor in encrypted form: the client proves that it knows the password, and the server proves that it holds the matching stored credential. That mutual proof is what protects against a man-in-the-middle: a party that does not hold the credential cannot learn the password from the exchange and cannot pass itself off as the Tigase XMPP Server.

Protecting the password is a basic must for IT security, yet some login methods (SASL PLAIN, for example) transmit the username and password in clear text, where anyone on the line can read them. SCRAM replaces that with a challenge-response exchange in which only values derived from the password cross the wire. The basic process works like this: the client sends its username and a random nonce to the server. The server replies with its own random extension of that nonce, the salt it stored for this user (a random byte string) and an iteration count. The client derives a salted, iterated key from the password and salt (PBKDF2 with HMAC-SHA-1), and from that key computes a proof: an HMAC over the whole exchange so far, including both nonces. It sends this proof, not the password. The server stores only a hash of the client's key, so it can check the proof without knowing the password; it then answers with its own HMAC over the same transcript, computed from a separate server key that was derived from the password when the account was set up. Both sides have now verified that the other holds the right credential, and the password has never left the client.

A third party listening on the line therefore sees only nonces, a salt and keyed hashes; it cannot recover the password from them, and because each proof is tied to the nonces of that one session, replaying a captured proof later fails. One caveat: an attacker who records the exchange can still try password guesses offline against it, so strong passwords and a high iteration count still matter. This feature is now available in the nightly build of Tigase XMPP Server and will ship with v7.1.0. It is enabled by default, so compatible clients can use this mechanism right away.
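The four-message exchange described above, written out as an added example in Python; this is not Tigase's own code, only a self-contained implementation of SCRAM-SHA-1 as specified in RFC 5802 without channel binding. The account record, nonce and salt sizes, the 4096 iteration count and the `authenticate` and `replay_captured_exchange` driver functions are assumptions made for the example; the user name and password are constructed test data.

```python
import base64
import hashlib
import hmac
import os

# SCRAM-SHA-1 per RFC 5802, with the no-channel-binding gs2 header "n,,".

def hi(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Hi() from RFC 5802 is PBKDF2 with HMAC-SHA-1."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations)

def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def b64(data: bytes) -> str:
    return base64.b64encode(data).decode()

def parse(msg: str) -> dict:
    """Split a 'k=v,k=v' attribute list; base64 values never contain a comma."""
    return dict(part.split("=", 1) for part in msg.split(","))

def enroll(password: str, iterations: int = 4096) -> dict:
    """What the server stores: salt, iteration count, StoredKey and ServerKey.
    The password itself is not kept. 4096 is the RFC 5802 minimum count."""
    salt = os.urandom(16)
    salted = hi(password.encode(), salt, iterations)
    client_key = hmac_sha1(salted, b"Client Key")
    return {"salt": salt, "iterations": iterations,
            "stored_key": hashlib.sha1(client_key).digest(),
            "server_key": hmac_sha1(salted, b"Server Key")}

class ScramClient:
    def __init__(self, username: str, password: str):
        self.password = password
        self.cnonce = b64(os.urandom(18))
        # saslname escaping of ',' and '=' inside the username is omitted here
        self.client_first_bare = f"n={username},r={self.cnonce}"

    def first(self) -> str:
        return "n,," + self.client_first_bare

    def final(self, server_first: str) -> str:
        attrs = parse(server_first)
        nonce = attrs["r"]
        if not nonce.startswith(self.cnonce):
            raise ValueError("server nonce must extend the client nonce")
        salted = hi(self.password.encode(), base64.b64decode(attrs["s"]), int(attrs["i"]))
        client_key = hmac_sha1(salted, b"Client Key")
        without_proof = f"c={b64(b'n,,')},r={nonce}"
        auth_message = f"{self.client_first_bare},{server_first},{without_proof}".encode()
        client_sig = hmac_sha1(hashlib.sha1(client_key).digest(), auth_message)
        # The proof lets the server recover ClientKey, but only for this AuthMessage
        proof = xor(client_key, client_sig)
        self.expected_server_sig = hmac_sha1(hmac_sha1(salted, b"Server Key"), auth_message)
        return f"{without_proof},p={b64(proof)}"

    def verify_server(self, server_final: str) -> bool:
        attrs = parse(server_final)
        if "v" not in attrs:  # an "e=..." error reply, or something malformed
            return False
        return hmac.compare_digest(base64.b64decode(attrs["v"]), self.expected_server_sig)

class ScramServer:
    def __init__(self, users: dict):
        self.users = users  # username -> record produced by enroll()

    def first(self, client_first: str) -> str:
        if not client_first.startswith("n,,"):
            raise ValueError("only the no-channel-binding gs2 header is supported")
        self.client_first_bare = client_first[3:]
        attrs = parse(self.client_first_bare)
        self.user = self.users[attrs["n"]]
        self.nonce = attrs["r"] + b64(os.urandom(18))  # fresh per session
        self.server_first = (f"r={self.nonce},s={b64(self.user['salt'])},"
                             f"i={self.user['iterations']}")
        return self.server_first

    def final(self, client_final: str) -> str:
        attrs = parse(client_final)
        without_proof = client_final.rsplit(",p=", 1)[0]
        auth_message = f"{self.client_first_bare},{self.server_first},{without_proof}".encode()
        client_sig = hmac_sha1(self.user["stored_key"], auth_message)
        client_key = xor(base64.b64decode(attrs["p"]), client_sig)
        # H(ClientKey) must equal StoredKey; the nonce ties the proof to this session
        if attrs["r"] != self.nonce or not hmac.compare_digest(
                hashlib.sha1(client_key).digest(), self.user["stored_key"]):
            return "e=invalid-proof"
        return "v=" + b64(hmac_sha1(self.user["server_key"], auth_message))

def authenticate(users: dict, username: str, password: str) -> bool:
    """Run the full four-message exchange and return the client's verdict."""
    client, server = ScramClient(username, password), ScramServer(users)
    server_first = server.first(client.first())
    return client.verify_server(server.final(client.final(server_first)))

def replay_captured_exchange(users: dict, username: str, password: str) -> str:
    """An eavesdropper records a valid exchange, then replays the client's
    messages in a new session; the fresh server nonce makes the proof fail."""
    client, server = ScramClient(username, password), ScramServer(users)
    client_first = client.first()
    client_final = client.final(server.first(client_first))
    server.final(client_final)  # the genuine session succeeds
    replay_target = ScramServer(users)
    replay_target.first(client_first)
    return replay_target.final(client_final)
```

Note that the server side never sees the password, not even at enrollment time if `enroll` is run on the client, and that both proofs cover the complete transcript, which is why a captured client-final message is useless against a session with a different server nonce.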
