Re: [PATCH] Add CHECK_FOR_INTERRUPTS in scram_SaltedPassword loop. - Mailing list pgsql-hackers

From Aleksander Alekseev
Subject Re: [PATCH] Add CHECK_FOR_INTERRUPTS in scram_SaltedPassword loop.
Date
Msg-id CAJ7c6TMLeqc6MR76LaJCk3jeBnnX=tuVUE=yv9+k7tkCb-OeYg@mail.gmail.com
Whole thread Raw
In response to Re: [PATCH] Add CHECK_FOR_INTERRUPTS in scram_SaltedPassword loop.  (Bowen Shi <zxwsbg12138@gmail.com>)
Responses Re: [PATCH] Add CHECK_FOR_INTERRUPTS in scram_SaltedPassword loop.
List pgsql-hackers
Hi,

> > If we want to add CHECK_FOR_INTERRUPTS inside the loop I think a brief
> > comment would be appropriate.
>
> This has been completed in patch v2 and it's ready for review.

Thanks!

> > I don't think it would be useful to limit this at an arbitrary point, iteration
> > count can be set per password and if someone wants a specific password to be
> > super-hard to brute force then why should we limit that?
> I agree with that. Maybe some users do want a super-hard password.
> RFC 7677 and RFC 5802 don't specify the maximum number of iterations.

That's a fairly good point. However we are not obligated not to
implement everything that is missing in RFC. Also in fact we already
limit the number of iterations to INT_MAX.

If we decide to limit this number even further the actual problem is
to figure out what the new practical limit would be. Regardless of the
chosen number there is a possibility of breaking backward
compatibility for certain users.

For this reason I believe merging the proposed patch would be the
right move at this point. It doesn't make anything worse for the
existing users and solves a potential problem for some of them.

-- 
Best regards,
Aleksander Alekseev



pgsql-hackers by date:

Previous
From: Xiang Gao
Date:
Subject: RE: CRC32C Parallel Computation Optimization on ARM
Next
From: Peter Eisentraut
Date:
Subject: Re: patch: improve "user mapping not found" error message