SCRAM-SHA-256
E761754
SCRAM-SHA-256 is a modern, secure password-based authentication mechanism that uses the SHA-256 hash function within the SCRAM protocol to provide strong protection against credential theft and replay attacks.
Statements (45)
| Predicate | Object |
|---|---|
| instanceOf | SASL mechanism; authentication mechanism; password-based authentication mechanism |
| avoids | reusable password equivalents on the wire; server-side storage of plaintext passwords |
| basedOn | Salted Challenge Response Authentication Mechanism |
| category | computer security; cryptographic protocol |
| definedInRFC | RFC 7677 |
| extendsSpecification | SCRAM |
| hasProperty | does not send plaintext passwords; resistant to passive eavesdropping; resistant to replay attacks; supports configurable work factor via iterations; supports salted password storage on server |
| hasVariant | SCRAM-SHA-256-PLUS |
| improvesUpon | SCRAM-SHA-1 |
| PLUSVariantSupports | channel binding |
| provides | password-based authentication; protection against credential theft; protection against replay attacks |
| relatedTo | SCRAM-SHA-1; SCRAM-SHA-256-PLUS |
| securityGoal | secure password authentication over untrusted networks |
| standardizedBy | Internet Engineering Task Force (surface form: IETF) |
| supports | mutual authentication |
| supportsFeature | client authentication; password stretching; server authentication |
| usedIn | SASL authentication for IMAP; SASL authentication for SMTP; SASL authentication for XMPP; database authentication mechanisms; message-oriented middleware authentication |
| uses | channel binding (optional); nonce-based challenge-response; salted password hashing |
| usesHashFunction | SHA-256 |
| usesParameter | client nonce; iteration count; salt; server key; server nonce; stored key |
| usesProtocol | SCRAM |
Referenced by (2)
Full triples — surface form annotated when it differs from this entity's canonical label.
subject surface form:
MongoDB