Re: Password identifiers, protocol aging and SCRAM protocol - Mailing list pgsql-hackers

From Victor Wagner
Subject Re: Password identifiers, protocol aging and SCRAM protocol
Date
Msg-id 20161109095927.701c32e8@fafnir.local.vm
Whole thread Raw
In response to Re: Password identifiers, protocol aging and SCRAM protocol  (Michael Paquier <michael.paquier@gmail.com>)
List pgsql-hackers
On Wed, 9 Nov 2016 15:23:11 +0900
Michael Paquier <michael.paquier@gmail.com> wrote:


> 
> (This is about patch 0007, not 0001)
> Thanks, you are right. That's not good as-is. So this basically means
> that the characters here should be from 32 to 127 included.

Really, most important is to exclude comma from the list of allowed
characters. And this prevents us from using a range.

I'd do something like:

char prinables="0123456789ABCDE...xyz!@#*&+";
unsigned int r;

for (i=0;i<SCRAM_NONCE_SIZE;i++) {    pg_strong_random(&r,sizeof(unsigned int))
nonce[i]=printables[r%(sizeof(prinables)-1)]   /* -1 is here to exclude terminating zero byte*/
 
}   

> generate_nonce needs just to be made smarter in the way it selects the
> character bytes.




pgsql-hackers by date:

Previous
From: Michael Paquier
Date:
Subject: Re: WAL logging problem in 9.4.3?
Next
From: Kyotaro HORIGUCHI
Date:
Subject: Re: Radix tree for character conversion