serv/mox
1
0
Fork 0
mirror of https://github.com/mjl-/mox.git synced 2024-12-26 08:23:48 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
mox/scram
History
Mechiel Lukkien c57aeac7f0
prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 
an é (e with accent) can also be written as e+\u0301. the first form is NFC,
the second NFD. when logging in, we transform usernames (email addresses) to
NFC. so both forms will be accepted. if a client is using NFD, they can log
in too.

for passwords, we apply the PRECIS "opaquestring", which (despite the name)
transforms the value too: unicode spaces are replaced with ascii spaces. the
string is also normalized to NFC. PRECIS may reject confusing passwords when
you set a password.
2024-03-09 09:20:29 +01:00
..
examples_test.go implement the plus variants of scram, to bind the authentication exchange to the tls connection 2023-12-23 23:19:36 +01:00
parse.go implement the plus variants of scram, to bind the authentication exchange to the tls connection 2023-12-23 23:19:36 +01:00
scram.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
scram_test.go implement the plus variants of scram, to bind the authentication exchange to the tls connection 2023-12-23 23:19:36 +01:00