Re: [HACKERS] SCRAM salt length - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: [HACKERS] SCRAM salt length
Date
Msg-id CAB7nPqR63o2Xvr7LqYXE6HyfKRKQ3KqMg7z0Zh5EbeiKKSfa2w@mail.gmail.com
Whole thread Raw
In response to Re: [HACKERS] SCRAM salt length  (Heikki Linnakangas <hlinnaka@iki.fi>)
List pgsql-hackers
On Thu, Aug 17, 2017 at 10:21 PM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
> On 08/17/2017 05:42 AM, Michael Paquier wrote:
>> That's now or never.
>
> Not really. That constant is just the default to use when creating new
> password verifiers, but the code can handle any salt length, and different
> verifiers can have different lengths.

Indeed, fuzzy memory here. I thought that parse_scram_verifier()
checked the salt length with the default value, but that's not the
case. Perhaps at some point in the development there was a check of
this kind..
-- 
Michael



pgsql-hackers by date:

Previous
From: Peter Eisentraut
Date:
Subject: Re: [HACKERS] SCRAM salt length
Next
From: Amit Kapila
Date:
Subject: Re: [HACKERS] [BUGS] [postgresql 10 beta3] unrecognized node type: 90