SCRAM: Challenging your authentication in the BEAM | Nelson Vides | Code BEAM V America 2021

Conference: Code BEAM V America 2021

Year: 2021

This video was recorded at the virtual Code BEAM V America conference, which took place on 10-12th March 2021 - https://codesync.global/conferences/code-beam-v-america-2021/

Nelson Vides - Core developer at MongooseIM

ABSTRACT

Passwords, that nemesis of all users. Get a weak password, and it can be cracked. Store it plaintext, and it can be stolen. Store it hashed, and it can be brute-forced. Use the same in two different places, and stealing one means losing the other. Submit it deterministically, and the authentication can be replayed by an attacker.

Enter SCRAM, a:

• Salted: no two usages of the same password can be matched.
• Challenge: exponentially slow down brute-force attacks.
• Response: clients need to submit a different response on each authentication, hence solving replay attacks.
• Authentication Mechanism: well, you guess what this means.

But mind you, the challenge needs to be a challenge for the client, not for the server! In this talk I'll introduce you to this authentication protocol, and to some implementation tricks that all evil attackers know but servers tend to forget. And to some very important insight on how to do this efficiently on the BEAM.

OBJECTIVE

To introduce an authentication mechanism that is NIST approved, an IETF standard, and with plenty of open-source libraries ready to be plugged into your project: in particular, to present the most performant Erlang library for the protocol you can find.

• Timecodes

00:00 - 01:47 - Intro
01:48 - 11:46 - Elixir vs NodeJS
11:47 - 12:23 - Phoenix vs Rails
12:24 - 14:18 - Broadway vs Oban
14:19 - 24:43 - Testing
37:37 - 40:14 - QnA