SCRAM-SHA-1
E845091
SCRAM-SHA-1 is a password-based authentication mechanism that uses salted challenge–response hashing with SHA-1 to securely verify users without transmitting their plaintext passwords.
All labels observed (1)
| Label | Occurrences |
|---|---|
| SCRAM-SHA-1 canonical | 2 |
How this entity was disambiguated
This entity first appeared as the object of triple T10157929 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: SCRAM-SHA-1 Context triple: [SASL, mechanismExample, SCRAM-SHA-1]
-
A.
SCRAM-SHA-256
SCRAM-SHA-256 is a modern, secure password-based authentication mechanism that uses the SHA-256 hash function within the SCRAM protocol to provide strong protection against credential theft and replay attacks.
-
B.
SASL
SASL (Simple Authentication and Security Layer) is a framework for adding modular authentication and optional data security services to connection-based network protocols.
-
C.
CRAM-MD5
CRAM-MD5 is a challenge–response authentication mechanism that uses MD5 hashing to securely verify a user's identity without transmitting their password in plaintext.
-
D.
Secure Authentication Version 5
Secure Authentication Version 5 is a security enhancement for the DNP3 protocol that provides robust authentication and protection against unauthorized control and cyber attacks in industrial control systems.
-
E.
HMAC
HMAC (Hash-based Message Authentication Code) is a cryptographic construction that combines a secret key with a hash function to provide data integrity and authentication.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: SCRAM-SHA-1 Target entity description: SCRAM-SHA-1 is a password-based authentication mechanism that uses salted challenge–response hashing with SHA-1 to securely verify users without transmitting their plaintext passwords.
-
A.
SCRAM-SHA-256
SCRAM-SHA-256 is a modern, secure password-based authentication mechanism that uses the SHA-256 hash function within the SCRAM protocol to provide strong protection against credential theft and replay attacks.
-
B.
SASL
SASL (Simple Authentication and Security Layer) is a framework for adding modular authentication and optional data security services to connection-based network protocols.
-
C.
CRAM-MD5
CRAM-MD5 is a challenge–response authentication mechanism that uses MD5 hashing to securely verify a user's identity without transmitting their password in plaintext.
-
D.
Secure Authentication Version 5
Secure Authentication Version 5 is a security enhancement for the DNP3 protocol that provides robust authentication and protection against unauthorized control and cyber attacks in industrial control systems.
-
E.
HMAC
HMAC (Hash-based Message Authentication Code) is a cryptographic construction that combines a secret key with a hash function to provide data integrity and authentication.
- F. None of above. chosen
Statements (47)
| Predicate | Object |
|---|---|
| instanceOf |
SASL mechanism
ⓘ
authentication mechanism ⓘ |
| avoids | plaintext password transmission ⓘ |
| basedOn | Salted Challenge Response Authentication Mechanism (SCRAM) NERFINISHED ⓘ |
| category |
challenge–response authentication
ⓘ
password-authenticated key exchange ⓘ |
| channelBindingVariant | SCRAM-SHA-1-PLUS ⓘ |
| definedIn | RFC 5802 NERFINISHED ⓘ |
| designedFor | Simple Authentication and Security Layer (SASL) NERFINISHED ⓘ |
| designGoal |
avoid sending passwords in cleartext
ⓘ
be suitable as a generic SASL mechanism ⓘ support server-side password database compromise mitigation ⓘ |
| doesNotProvide | protection against weak passwords ⓘ |
| hashFunction | SHA-1 ⓘ |
| hasSuccessor |
SCRAM-SHA-256
NERFINISHED
ⓘ
SCRAM-SHA-256-PLUS NERFINISHED ⓘ |
| messageFlow |
client-final-message
ⓘ
client-first-message ⓘ server-final-message ⓘ server-first-message ⓘ |
| negotiatedVia | SASL mechanism name "SCRAM-SHA-1" ⓘ |
| passwordStorageModel |
salted password verifier
ⓘ
server stores salted hash, not plaintext password ⓘ |
| provides |
protection against passive eavesdropping
ⓘ
protection against replay attacks ⓘ |
| requires |
configurable iteration count
ⓘ
unique salt per user ⓘ |
| role |
allows server to prove possession of stored verifier
ⓘ
verifies client knowledge of password ⓘ |
| standardizedBy | Internet Engineering Task Force (IETF) NERFINISHED ⓘ |
| status | discouraged in new designs due to SHA-1 weaknesses ⓘ |
| supportsChannelBindingVariant | SCRAM-SHA-1-PLUS GENERATED ⓘ |
| supportsFeature |
mutual authentication
ⓘ
proof of knowledge of password ⓘ server authentication ⓘ |
| updatedBy | RFC 7677 NERFINISHED ⓘ |
| usedIn |
IMAP authentication
ⓘ
MongoDB authentication ⓘ PostgreSQL authentication ⓘ SMTP authentication ⓘ XMPP authentication ⓘ |
| uses |
iteration count
ⓘ
nonce ⓘ salt ⓘ stored salted password verifier ⓘ |
| usesAlgorithm | SHA-1 ⓘ |
| usesTechnique | salted challenge–response hashing ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: SCRAM-SHA-1 Description of subject: SCRAM-SHA-1 is a password-based authentication mechanism that uses salted challenge–response hashing with SHA-1 to securely verify users without transmitting their plaintext passwords.
Referenced by (2)
Full triples — surface form annotated when it differs from this entity's canonical label.