SCRAM - support for using Hashed and salted passwords

[davidfrickert]

Hi all,

Reading the documentation of this project it seems to imply that SCRAM needs cleartext passwords in order to work. https://github.com/cyrusimap/cyrus-sasl/blob/master/docsrc/sasl/faqs/plaintextpasswords.rst

However I don't think this is true, as some reference implementations I've seen do store the hash, salt and iterations on the backend instead of the cleartext password.

If storing an hashed password currently is not supported, what could we do to support it?

[GuidoKiener]

For the SCRAM Plugin you can set the options "scram_secret_generate=y" to force storing hashed passwords in the SASL database. You can also use the option "scram_iteration_counter=10000" to increase calculation time of the hashes.
Nevertheless when you support PLAIN or LOGIN, the passwords are still stored in plain text within the SASL database. To really solve this problem you have to implement the callback functions SASL_CB_SERVER_USERDB_CHECKPASS and SASL_CB_SERVER_USERDB_SETPASS. However it's a hard way to understand the callback jungle.

Strange, I just see this response is four years too late ... Is this project still alive?

[namsic]

Hello. I have the same question.

I want to allow only SCRAM authentication in my application and avoid storing plain text passwords in the sasldb file.
Where should I set the scram_secret_generate=y option?

Can I use the following command?

saslpasswd2 -f my.sasldb -a myapp -n --scram_secret_generate=y -c user001

[GuidoKiener]

To change options in a server or utils you have to implement a getopt function and set it with the callback mechanism SASL_CB_GETOPT.

Here is one example among others:

cyrus-sasl/utils/testsuite.c

Line 473 in ed79de0

int good_getopt(void *context __attribute__((unused)),

Just add a line to your server/tools option function like:

  else if (!strcmp(option, "scram_secret_generate")) {
    *result = "y";
    if (len)
      *len = (unsigned)strlen(*result);
    return SASL_OK;
  }

[namsic]

It was very helpful to see specific examples.

cyrus-sasl/utils/saslpasswd.c

Lines 239 to 253 in ed79de0

	int good_getopt(void *context __attribute__((unused)),
	const char *plugin_name __attribute__((unused)),
	const char *option,
	const char **result,
	unsigned *len)
	{
	if (sasldb_path && !strcmp(option, "sasldb_path")) {
	*result = sasldb_path;
	if (len)
	*len = (unsigned) strlen(sasldb_path);
	return SASL_OK;
	}
	return SASL_FAIL;
	}

{
    if (sasldb_path && !strcmp(option, "sasldb_path")) {
	*result = sasldb_path;
	if (len)
	    *len = (unsigned) strlen(sasldb_path);
	return SASL_OK;
+   } else if (!strcmp(option, "scram_secret_generate")) {
+       *result = "y";
+       if (len)
+           *len = (unsigned)strlen(*result);
+       return SASL_OK;
    }

    return SASL_FAIL;
}

I modified the saslpasswd.c file as above and make it again.

saslpasswd2 -f myapp.sasldb -a myapp -c user01
# Password: 1234
saslpasswd2 -f myapp.sasldb -a myapp -c -n user02
# Password: 5678

b'user01\x00myhost\x00userPassword'     b'1234'
b'user02\x00myhost\x00authPassword'     b'SCRAM-SHA-1$4096:D1Xrw0Ts7q+R2MJpxJEr/A==$XBngQGUqgKY1VT27d769/GG9gSQ=:2bWpTZJXe5t9ILJgjPv3hKcwrkQ='
b'user02\x00ncp-2c4-001\x00cmusaslsecretOTP' b'md5\t0499\tnc2863\t74232d4b06004733\t00000000000000000000'

Now I can use SCRAM-SHA-1 authentication in my application without storing user02's plaintext password in the db.
However, I still cannot use other SCRAM authentication methods.

// sasl_server_start(SCRAM-SHA-512, /* data */, /* data length */)
SASL (severity 2): No valid SCRAM-SHA-512 secret found

cyrus-sasl/plugins/scram.c

Lines 1650 to 1655 in ed79de0

	sparams->utils->getopt(sparams->utils->getopt_context,
	/* This affects all SCRAM plugins, not just SCRAM-SHA-1 */
	"SCRAM",
	"scram_secret_generate",
	&generate_scram_secret,
	NULL);

Are there any other guides for using SCRAM-SHA-256 or SCRAM-SHA-512 authentication method?

[GuidoKiener]

Your server should not offer all SCRAM-SHA-* variants. E.g. SCRAM-SHA-512 is not an approved standard yet. If you start from scratch, you could use SCRAM-SHA-256(-PLUS) and limit your offered mechanims e.g. with the option:
mech_list=GS2-KRB5 SCRAM-SHA-256 GSSAPI GSS-SPNEGO EXTERNAL PLAIN ANONYMOUS
Hint: do not add the PLUS variants. It's done automatically. Adding the text SCRAM-SHA-256-PLUS will fail your server.

This way your saslpasswd2 will create the entries for SCRAM-SHA-256

[Neustradamus]

Good to see that more and more people use SCRAM SASL!

Note: About SCRAM-SHA-512(-PLUS) is not yet official but a lot of projects always use:

• https://github.com/search?q=%22SCRAM-SHA-512%22&type=code

Linked to:

• State of Play scram-sasl/info#1