In the previous blog article (Basic and Digest Authentication Types) we have started reviewing authentication types . This time we will focus on SCRAM which is a family of HTTP authentication mechanisms.
XMPP supports plaintext, digest password exchanges and also SCRAM (Salted Challenge Response Authentication Mechanism). SCRAM introduces advantages over Digest, since it allows the server to store password hashes in an irreversible format.
This feature protects against offline attacks on the password and user database. The client can also save a hash-only version of the password, making it more difficult for attackers (who may have access to the PC where the password is stored) to understand the password in plaintext format.
Furthermore, SCRAM protects from man-in-the-middle attacks when certificates are used. This is done by allowing the server to prove to the client that, not only is the certificate signed by a CA (Certification Authority), but that it also knows the password.