CRAM-MD5

In cryptography, CRAM-MD5 is a challenge-response authentication mechanism (hence "CRAM") defined in RFC 2195 based on the HMAC-MD5 MAC algorithm. It is employed by some SASL implementations, and it is quite often supported by SMTP-AUTH Mail submission agents.

Protocol

In CRAM-MD5 authentication the server first sends a challenge string to the client. The client responds with a username followed by a space character and then a 16-byte digest in hexadecimal notation. The digest is the output of HMAC-MD5 with the user's password as the secret key, and the server's original challenge as the message. The server also calculates its own digest with its notion of the user's password, and if the client's digest and the server's digest match then authentication was successful.

This provides three important types of security. First, others cannot duplicate the hash without knowing the password. This provides authentication. Second, others cannot replay the hash—it is dependent on the unpredictable challenge. This is variously called freshness or replay prevention. Third, observers do not learn the password. This is called secrecy. The two important features of this protocol that provide these three security benefits are the one-way hash and the fresh random challenge.

History

CRAM-MD5 was originally defined in RFC 2095, later obsoleted by RFC 2195. In practice it's the only allowed and supported SASL-mechanism for ESMTPA without Transport Layer Security (TLS). CRAM-MD5 is required for On-Demand Mail Relay (ODMR) defined in RFC 2645. The also often supported SASL-mechanism plain for ESMTPA is officially not allowed outside of secure connections (TLS, the successor of SSL), and mechanism login is no SASL-mechanism at all - both transport unencrypted passwords. They scramble the passwords with Base64 encoding. Since Base64 is not one-way, there is no secrecy.

The Internet Assigned Numbers Authority (IANA) maintains two registries relevant for CRAM-MD5:

1. SASL-mechanisms incl. CRAM-MD5 for limited use, PLAIN, and DIGEST-MD5
2. Mail transmission protocol types incl. ESMTP, ESMTPA, ESMTPS, and ESMTPSA

ESMTPA stands for ESMTP with SMTP-AUTH, and ESMTP is SMTP with Service Extensions as defined in RFC 2821. ESMTPS is ESMTP over a secure connection. ESMTPSA is both ESMTPA and ESMTPS - that's a constellation where SASL-mechanism plain is allowed.

John Klensin was the editor or co-author of (among many others) RFCs 2095, 2195, 2476, 2645, 2821, and 4409.

See also

• Simple Authentication and Security Layer (SASL)
• Simple Mail Transfer Protocol (SMTP)
• Internet Message Access Protocol (IMAP)
• Post Office Protocol (POP)
• HMAC, MD5, SMTP-AUTH

External links

• RFC 2195 IMAP/POP AUTHorize Extension for Simple Challenge/Response
• IANA registry of SASL mechanisms
• IANA registry of MAIL parameters
• 2195bis Internet draft (for I18N in SASL)
• MD5 Homepage (unofficial)