Home > mailing lists

Re: [HACKERS] On-disk format of SCRAM verifiers - Mailing list pgsql-hackers

From	Heikki Linnakangas
Subject	Re: [HACKERS] On-disk format of SCRAM verifiers
Date	April 21, 2017 19:42:21
Msg-id	1A36BA21-A050-41FD-AD3C-87496FA1ED39@iki.fi Whole thread Raw
In response to	Re: [HACKERS] On-disk format of SCRAM verifiers (Michael Paquier <michael.paquier@gmail.com>)
Responses	Re: [HACKERS] On-disk format of SCRAM verifiers (Simon Riggs <simon@2ndquadrant.com>)
List	pgsql-hackers

Tree view

On 21 April 2017 16:20:56 EEST, Michael Paquier <michael.paquier@gmail.com> wrote:
>On Fri, Apr 21, 2017 at 10:02 PM, Simon Riggs <simon@2ndquadrant.com>
>wrote:
>> On 21 April 2017 at 10:20, Heikki Linnakangas <hlinnaka@iki.fi>
>wrote:
>>> But looking more closely, I think I misunderstood RFC 5803. It
>*does* in
>>> fact specify a single string format to store the verifier in. And
>the format
>>> looks like:
>>>
>>> SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey>
>>
>> Could you explain where you are looking? I don't see that in RFC5803
>
>From 1.  Overview:

Yeah, it's not easy to see, I missed it earlier too. You have to look at RFC 5803 and RFC 3112 together. RFC 3112 says
thatthe overall format is "<scheme>$<authInfo>$<authValue>", and RFC5803 says that for SCRAM, scheme is "SCRAM-SHA-256"
(forour variant), authInfo is "<iteration count>:<salt>" and authValue is "<StoredKey>:<ServerKey>" 

They really should've included examples in those RFCs.

- Heikki

pgsql-hackers by date:

From: Simon Riggs
Date: 21 April 2017, 19:31:42
Subject: Re: [HACKERS] On-disk format of SCRAM verifiers

From: ilmari@ilmari.org (Dagfinn Ilmari Mannsåker)
Date: 21 April 2017, 19:50:09
Subject: Re: [HACKERS] On-disk format of SCRAM verifiers

Re: [HACKERS] On-disk format of SCRAM verifiers - Mailing list pgsql-hackers

Previous

Next