Commit fe77741

Increase SCRAM salt length
The original value 12 was set based on RFC 5802 for SCRAM-SHA-1, but RFC 7677 for SCRAM-SHA-256 uses 16, so use that. (This does not affect the validity of already stored verifiers.)

Discussion: https://www.postgresql.org/message-id/flat/12cc9297-7e05-932f-d863-765e5626ead4%402ndquadrant.com
1 parent 1177ab1 commit fe77741

1 file changed

+10
-3
lines changed

src/include/common/scram-common.h

Lines changed: 10 additions & 3 deletions
@@ -28,10 +28,17 @@
2828
*/
2929
#define SCRAM_RAW_NONCE_LEN 18
3030

31-
/* length of salt when generating new verifiers */
32-
#define SCRAM_DEFAULT_SALT_LEN 12
31+
/*
32+
* Length of salt when generating new verifiers, in bytes. (It will be stored
33+
* and sent over the wire encoded in Base64.) 16 bytes is what the example in
34+
* RFC 7677 uses.
35+
*/
36+
#define SCRAM_DEFAULT_SALT_LEN 16
3337

34-
/* default number of iterations when generating verifier */
38+
/*
39+
* Default number of iterations when generating verifier. Should be at least
40+
* 4096 per RFC 7677.
41+
*/
3542
#define SCRAM_DEFAULT_ITERATIONS 4096
3643

3744
/*
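
Review bot: The new comment on SCRAM_DEFAULT_SALT_LEN does not say that verifiers stored with the old 12-byte salt remain valid; only the commit message states that, and the sole rationale in the header is "16 bytes is what the example in RFC 7677 uses". Consider adding a sentence to the comment so the reasoning survives outside the commit log. Because the comment notes the salt is stored and sent Base64-encoded, it is also worth confirming that nothing sizes a buffer for the encoded salt from the old value: 16 raw bytes encode to 24 characters, where 12 encoded to 16. The SCRAM_DEFAULT_ITERATIONS comment says the value "should be at least 4096", but nothing in the hunk enforces it; a compile-time assertion next to the define would keep the comment and the value from drifting apart.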
