Home > mailing lists

Re: [HACKERS] SCRAM salt length - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: [HACKERS] SCRAM salt length
Date	August 17, 2017 20:03:53
Msg-id	CA+TgmobU87vThH49WZxYxjJjftqggSwS9JJs46+iEjmMt_G6rQ@mail.gmail.com Whole thread Raw
In response to	Re: [HACKERS] SCRAM salt length (Heikki Linnakangas <hlinnaka@iki.fi>)
List	pgsql-hackers

Tree view

On Thu, Aug 17, 2017 at 9:21 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
> Different thing. That was the nonce length, now we're talking about salt
> length.

Actually that commit (0557a5dc2cf845639d384801b6861ebbd35dc7ee) changed both:

-#define SCRAM_RAW_NONCE_LEN         10
+#define SCRAM_RAW_NONCE_LEN         18
/* length of salt when generating new verifiers */
-#define SCRAM_DEFAULT_SALT_LEN      10
+#define SCRAM_DEFAULT_SALT_LEN      12

I don't think I understand exactly how they're different; especially,
I don't quite understand how the nonce is used.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

pgsql-hackers by date:

From: Tom Lane
Date: 17 August 2017, 19:58:37
Subject: Re: [HACKERS] pl/perl extension fails on Windows

From: Daniel Gustafsson
Date: 17 August 2017, 20:14:24
Subject: Re: [HACKERS] Support for Secure Transport SSL library on macOS as OpenSSL alternative

Re: [HACKERS] SCRAM salt length - Mailing list pgsql-hackers

Previous

Next