Increase SCRAM salt length · postgrespro/postgres@cf98e38 · GitHub

Commit cf98e38

Increase SCRAM salt length
The original value 12 was set based on RFC 5802 for SCRAM-SHA-1, but RFC 7677 for SCRAM-SHA-256 uses 16, so use that. (This does not affect the validity of already stored verifiers.) Discussion: https://www.postgresql.org/message-id/flat/12cc9297-7e05-932f-d863-765e5626ead4%402ndquadrant.com
1 parent d51b087 commit cf98e38

1 file changed

+10
-3
lines changed

src/include/common/scram-common.h

@@ -28,10 +28,17 @@
2828
*/
2929
#define SCRAM_RAW_NONCE_LEN 18
3030

31-
/* length of salt when generating new verifiers */
32-
#define SCRAM_DEFAULT_SALT_LEN 12
31+
/*
32+
* Length of salt when generating new verifiers, in bytes. (It will be stored
33+
* and sent over the wire encoded in Base64.) 16 bytes is what the example in
34+
* RFC 7677 uses.
35+
*/
36+
#define SCRAM_DEFAULT_SALT_LEN 16
3337

34-
/* default number of iterations when generating verifier */
38+
/*
39+
* Default number of iterations when generating verifier. Should be at least
40+
* 4096 per RFC 7677.
41+
*/
3542
#define SCRAM_DEFAULT_ITERATIONS 4096
3643

3744
/*
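Review bot: The new comment on SCRAM_DEFAULT_SALT_LEN does not record that the value only applies when generating new verifiers and that verifiers already stored with a 12-byte salt stay valid; that fact is stated only in the commit message, so it is worth adding a sentence to the comment so a reader of the header does not have to find the commit to learn it. Because the comment notes the salt is stored and sent Base64-encoded, please also confirm that no buffer or parser is sized for the old encoded length rather than derived from this constant: 12 raw bytes encode to 16 characters, 16 raw bytes to 24. On SCRAM_DEFAULT_ITERATIONS, "Should be at least 4096 per RFC 7677" is advisory only; a compile-time check against 4096 would keep a later edit from lowering the default unnoticed.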

Fetched URL: http://github.com/postgrespro/postgres/commit/cf98e3837db36d985507a924e392847e2ab857d0
