Re: Implementation of SASLprep for SCRAM-SHA-256
Michael Paquier <michael.paquier@gmail.com>
From: Michael Paquier <michael.paquier@gmail.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: PostgreSQL mailing lists <pgsql-hackers@postgresql.org>,
Heikki Linnakangas <hlinnaka@iki.fi>
Date: 2017-03-31T07:10:03Z
Lists: pgsql-hackers
Attachments
- 0001-Implement-SASLprep-aka-NFKC-for-SCRAM-authentication.patch.gz (application/x-gzip) patch 0001
On Wed, Mar 8, 2017 at 10:39 PM, Robert Haas <robertmhaas@gmail.com> wrote: > On Tue, Mar 7, 2017 at 10:01 PM, Michael Paquier > <michael.paquier@gmail.com> wrote: >> This way, we can be sure that two UTf-8 strings are considered as >> equivalent in a SASL exchange, in our case we care about the password >> string (we should care about the username as well). Without SASLprep, >> our implementation of SCRAM may fail with other third-part tools if >> passwords are not made only of ASCII characters. And that sucks. > > Agreed. I am not sure this quite rises to the level of a stop-ship > issue; we could document the restriction. I am not sure about that, what we have now on HEAD is still useful and better than MD5. > However, that's pretty ugly; it would be a whole lot better to get this fixed. Agreed. > I kinda hope Heikki is going to step up to the plate here, because I > think he understands most of it already. The second person who knows a good deal about NFKC is Ishii-san. Attached is a rebased patch. -- Michael
Commits
-
Use SASLprep to normalize passwords for SCRAM authentication.
- 60f11b87a234 10.0 landed