Re: SCRAM salt length
Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Heikki Linnakangas <hlinnaka@iki.fi>, Robert Haas
<robertmhaas@gmail.com>, Michael Paquier <michael.paquier@gmail.com>
Cc: Aleksander Alekseev <a.alekseev@postgrespro.ru>,
pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2017-08-17T20:50:52Z
Lists: pgsql-hackers
On 8/17/17 12:10, Heikki Linnakangas wrote: > On 08/17/2017 05:23 PM, Peter Eisentraut wrote: >> On 8/17/17 09:21, Heikki Linnakangas wrote: >>> The RFC doesn't say anything about salt >>> length, but the one example in it uses a 16 byte string as the salt. >>> That's more or less equal to the current default of 12 raw bytes, after >>> base64-encoding. >> >> The example is >> >> S: r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0, >> s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096 >> >> That salt is 24 characters and 16 raw bytes. > > Ah, I see, that's from the SCRAM-SHA-256 spec. I was looking at the > example in the original SCRAM-SHA-1 spec: > > S: r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92, > i=4096 Hence my original inquiry: "I suspect that this length was chosen based on the example in RFC 5802 (SCRAM-SHA-1) section 5. But the analogous example in RFC 7677 (SCRAM-SHA-256) section 3 uses a length of 16. Should we use that instead?" -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Commits
-
Increase SCRAM salt length
- cf98e3837db3 10.0 landed
- fe7774144d5c 11.0 landed
-
Make SCRAM salts and nonces longer.
- 0557a5dc2cf8 10.0 cited