Re: SCRAM salt length
Michael Paquier <michael.paquier@gmail.com>
From: Michael Paquier <michael.paquier@gmail.com>
To: Aleksander Alekseev <a.alekseev@postgrespro.ru>
Cc: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2017-08-17T02:42:39Z
Lists: pgsql-hackers
On Thu, Aug 17, 2017 at 12:10 AM, Aleksander Alekseev <a.alekseev@postgrespro.ru> wrote: >> The SCRAM salt length is currently set as >> >> /* length of salt when generating new verifiers */ >> #define SCRAM_DEFAULT_SALT_LEN 12 >> >> without further comment. >> >> I suspect that this length was chosen based on the example in RFC 5802 >> (SCRAM-SHA-1) section 5. But the analogous example in RFC 7677 >> (SCRAM-SHA-256) section 3 uses a length of 16. Should we use that instead? In the initial discussions there was as well a mention about using 16 bytes. https://www.postgresql.org/message-id/507550BD.2030401@vmware.com As we are using SCRAM-SHA-256, let's bump it up and be consistent. That's now or never. > Maybe this length was chosen just because it becomes a 16-characters > string after base64encode. If I understand correctly RFC 5802 and RFC > 7677 don't say much about the required or recommended length of the > salt. Yep, it doesn't provide any recommendation. > I personally believe that 2^96 of possible salts is consistent with both > RFCs and should be enough in practice. (12 bytes * 8) = 96, so you would favor 12 as length. -- Michael
Commits
-
Increase SCRAM salt length
- cf98e3837db3 10.0 landed
- fe7774144d5c 11.0 landed
-
Make SCRAM salts and nonces longer.
- 0557a5dc2cf8 10.0 cited