About authentication methods

2020-12-28

This article asks why there are so many authentication methods when the simplest one works just fine.

There are several methods for password-based authentication with SMTP, POP3, IMAP and other protocols. The simplest one is PLAIN. It just sends user name and password, and that's it. The server side only needs to store a hash of the password, not the password itself, so it cannot be stolen from the server. The client side can store the password encrypted, so it cannot be stolen from the client either (in msmtp and mpop: use a keyring or use gpg with passwordeval). The transmission of the password is inside a TLS-secured session, so the client knows it is really talking to the right service and not to an attacker, and eavesdropping is prevented.

So, all problems are solved, right? But why then are there so many authentication methods? I have not found a convincing answer to this question yet. In the following, I will argue that even the relatively new SCRAM-SHA-256 method does not provide any practical benefit over PLAIN and is far more complex than it should be. If I am wrong, please send me a mail and correct me. I promise I will update this article with all the convincing arguments I receive.

My premise is that everyone is using TLS for every SMTP, POP3 or IMAP session nowadays, since there is no such thing as a trustworthy network.

So what benefits does SCRAM-SHA-256 promise? According to RFC 5802:

So what's left? Nothing. I really hope I'm wrong.
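To make the comparison with PLAIN concrete, here is the SCRAM-SHA-256 exchange of RFC 5802 run with both sides in one process, as an added example that is not part of the original article and not code from msmtp or mpop. The server side holds only the salt, iteration count, StoredKey and ServerKey (never the password), the client proves possession of the password without sending it, and the final server message lets the client verify the server in return. The user name, password, salt and nonces are constructed sample values; in practice salt and nonces are fresh random bytes.

```python
import base64
import hashlib
import hmac
import secrets

def enroll(password: str, salt: bytes = b"", iterations: int = 4096) -> dict:
    """Server-side enrollment: store StoredKey/ServerKey, never the password (RFC 5802 section 3)."""
    salt = salt or secrets.token_bytes(16)
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)  # Hi()
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return {"salt": salt, "i": iterations,
            "stored_key": hashlib.sha256(client_key).digest(), "server_key": server_key}

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def scram_exchange(user: str, password: str, record: dict, cnonce: str, snonce: str) -> dict:
    """Run both sides of SCRAM-SHA-256; the server side only ever touches `record`."""
    # Message 1 (client): gs2 header "n,," means no channel binding, then the bare part.
    client_first_bare = f"n={user},r={cnonce}"
    # Message 2 (server): combined nonce, the stored salt and the iteration count.
    nonce = cnonce + snonce
    server_first = f"r={nonce},s={base64.b64encode(record['salt']).decode()},i={record['i']}"
    # Message 3 (client) without the proof; "biws" is base64("n,,").
    client_final_bare = f"c=biws,r={nonce}"
    auth_message = ",".join([client_first_bare, server_first, client_final_bare]).encode()

    # Client: recompute its keys from the password and the server-supplied salt/iterations.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], record["i"])
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    client_sig = hmac.new(hashlib.sha256(client_key).digest(), auth_message, hashlib.sha256).digest()
    proof = _xor(client_key, client_sig)  # ClientProof = ClientKey XOR ClientSignature
    client_final = f"{client_final_bare},p={base64.b64encode(proof).decode()}"

    # Server: recover ClientKey from the proof and check H(ClientKey) == StoredKey.
    expected_sig = hmac.new(record["stored_key"], auth_message, hashlib.sha256).digest()
    recovered = _xor(proof, expected_sig)
    client_ok = hmac.compare_digest(hashlib.sha256(recovered).digest(), record["stored_key"])

    # Message 4 (server): ServerSignature; a real server sends an error instead when client_ok is False.
    server_sig = hmac.new(record["server_key"], auth_message, hashlib.sha256).digest()
    server_final = f"v={base64.b64encode(server_sig).decode()}"
    # Client: verify the server with the ServerKey derived from its own password (mutual auth).
    my_server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    server_ok = hmac.compare_digest(server_sig, hmac.new(my_server_key, auth_message, hashlib.sha256).digest())
    return {"client_first": "n,," + client_first_bare, "server_first": server_first,
            "client_final": client_final, "server_final": server_final,
            "client_ok": client_ok, "server_ok": server_ok}
```

A wrong password fails both checks, and the stored record is useless for a PLAIN login elsewhere because it contains no reusable password.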

Update 2021-01-27: Here's the update I promised. The good news: I was wrong.

Update 2021-06-15: Simon Josefsson wrote an article about authentication mechanisms. It highlights problems with SCRAM, but also points out that SCRAM addresses some shortcomings of simpler mechanisms such as PLAIN.