SCRAM-SHA-256
E761754
SCRAM-SHA-256 is a modern, secure password-based authentication mechanism that uses the SHA-256 hash function within the SCRAM protocol to provide strong protection against credential theft and replay attacks.
All labels observed (1)
| Label | Occurrences |
|---|---|
| SCRAM-SHA-256 canonical | 2 |
How this entity was disambiguated
This entity first appeared as the object of triple T8828730 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: SCRAM-SHA-256 Context triple: [CRAM-MD5, weakerThan, SCRAM-SHA-256]
-
A.
SASL
SASL (Simple Authentication and Security Layer) is a framework for adding modular authentication and optional data security services to connection-based network protocols.
-
B.
Secure Authentication Version 5
Secure Authentication Version 5 is a security enhancement for the DNP3 protocol that provides robust authentication and protection against unauthorized control and cyber attacks in industrial control systems.
-
C.
CRAM-MD5
CRAM-MD5 is a challenge–response authentication mechanism that uses MD5 hashing to securely verify a user's identity without transmitting their password in plaintext.
-
D.
SHA256SU0
SHA256SU0 is an ARMv8 cryptographic extension instruction used to accelerate part of the SHA-256 message schedule computation in hardware.
-
E.
HMAC
HMAC (Hash-based Message Authentication Code) is a cryptographic construction that combines a secret key with a hash function to provide data integrity and authentication.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: SCRAM-SHA-256 Target entity description: SCRAM-SHA-256 is a modern, secure password-based authentication mechanism that uses the SHA-256 hash function within the SCRAM protocol to provide strong protection against credential theft and replay attacks.
-
A.
SASL
SASL (Simple Authentication and Security Layer) is a framework for adding modular authentication and optional data security services to connection-based network protocols.
-
B.
Secure Authentication Version 5
Secure Authentication Version 5 is a security enhancement for the DNP3 protocol that provides robust authentication and protection against unauthorized control and cyber attacks in industrial control systems.
-
C.
CRAM-MD5
CRAM-MD5 is a challenge–response authentication mechanism that uses MD5 hashing to securely verify a user's identity without transmitting their password in plaintext.
-
D.
SHA256SU0
SHA256SU0 is an ARMv8 cryptographic extension instruction used to accelerate part of the SHA-256 message schedule computation in hardware.
-
E.
HMAC
HMAC (Hash-based Message Authentication Code) is a cryptographic construction that combines a secret key with a hash function to provide data integrity and authentication.
- F. None of above. chosen
Statements (45)
| Predicate | Object |
|---|---|
| instanceOf |
SASL mechanism
ⓘ
authentication mechanism ⓘ password-based authentication mechanism ⓘ |
| avoids |
reusable password equivalents on the wire
ⓘ
server-side storage of plaintext passwords ⓘ |
| basedOn | Salted Challenge Response Authentication Mechanism NERFINISHED ⓘ |
| category |
computer security
ⓘ
cryptographic protocol ⓘ |
| definedInRFC | RFC 7677 NERFINISHED ⓘ |
| extendsSpecification | SCRAM NERFINISHED ⓘ |
| hasProperty |
does not send plaintext passwords
ⓘ
resistant to passive eavesdropping ⓘ resistant to replay attacks ⓘ supports configurable work factor via iterations ⓘ supports salted password storage on server ⓘ |
| hasVariant | SCRAM-SHA-256-PLUS ⓘ |
| improvesUpon | SCRAM-SHA-1 NERFINISHED ⓘ |
| PLUSVariantSupports | channel binding ⓘ |
| provides |
password-based authentication
ⓘ
protection against credential theft ⓘ protection against replay attacks ⓘ |
| relatedTo |
SCRAM-SHA-1
NERFINISHED
ⓘ
SCRAM-SHA-256-PLUS ⓘ |
| securityGoal | secure password authentication over untrusted networks ⓘ |
| standardizedBy |
Internet Engineering Task Force
ⓘ
surface form:
IETF
|
| supports | mutual authentication ⓘ |
| supportsFeature |
client authentication
ⓘ
password stretching ⓘ server authentication ⓘ |
| usedIn |
SASL authentication for IMAP
ⓘ
SASL authentication for SMTP ⓘ SASL authentication for XMPP ⓘ database authentication mechanisms ⓘ message-oriented middleware authentication ⓘ |
| uses |
channel binding (optional)
ⓘ
nonce-based challenge-response ⓘ salted password hashing ⓘ |
| usesHashFunction | SHA-256 ⓘ |
| usesParameter |
client nonce
ⓘ
iteration count ⓘ salt ⓘ server key ⓘ server nonce ⓘ stored key ⓘ |
| usesProtocol | SCRAM NERFINISHED ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: SCRAM-SHA-256 Description of subject: SCRAM-SHA-256 is a modern, secure password-based authentication mechanism that uses the SHA-256 hash function within the SCRAM protocol to provide strong protection against credential theft and replay attacks.
Referenced by (2)
Full triples — surface form annotated when it differs from this entity's canonical label.