Re: SCRAM salt length
Heikki Linnakangas <hlinnaka@iki.fi>
From: Heikki Linnakangas <hlinnaka@iki.fi>
To: Robert Haas <robertmhaas@gmail.com>,
Michael Paquier <michael.paquier@gmail.com>
Cc: Aleksander Alekseev <a.alekseev@postgrespro.ru>,
Peter Eisentraut <peter.eisentraut@2ndquadrant.com>,
pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2017-08-17T13:21:43Z
Lists: pgsql-hackers
On 08/17/2017 04:04 PM, Robert Haas wrote: > On Wed, Aug 16, 2017 at 10:42 PM, Michael Paquier > <michael.paquier@gmail.com> wrote: >> In the initial discussions there was as well a mention about using 16 bytes. >> https://www.postgresql.org/message-id/507550BD.2030401@vmware.com >> As we are using SCRAM-SHA-256, let's bump it up and be consistent. >> That's now or never. > > This was discussed and changed once before at > https://www.postgresql.org/message-id/df8c6e27-4d8e-5281-96e5-131a4e638fc8@8kdata.com Different thing. That was the nonce length, now we're talking about salt length. I think 2^96 is large enough. The RFC doesn't say anything about salt length, but the one example in it uses a 16 byte string as the salt. That's more or less equal to the current default of 12 raw bytes, after base64-encoding. On 08/17/2017 05:42 AM, Michael Paquier wrote: > That's now or never. Not really. That constant is just the default to use when creating new password verifiers, but the code can handle any salt length, and different verifiers can have different lengths. - Heikki
Commits
-
Increase SCRAM salt length
- cf98e3837db3 10.0 landed
- fe7774144d5c 11.0 landed
-
Make SCRAM salts and nonces longer.
- 0557a5dc2cf8 10.0 cited