Home > mailing lists

Re: [HACKERS] SCRAM salt length - Mailing list pgsql-hackers

From	Heikki Linnakangas
Subject	Re: [HACKERS] SCRAM salt length
Date	August 17, 2017 22:10:09
Msg-id	bcc38e7d-4a98-7a90-222d-35f198587d59@iki.fi Whole thread Raw
In response to	Re: [HACKERS] SCRAM salt length (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
Responses	Re: [HACKERS] SCRAM salt length (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
List	pgsql-hackers

Tree view

On 08/17/2017 05:23 PM, Peter Eisentraut wrote:
> On 8/17/17 09:21, Heikki Linnakangas wrote:
>> The RFC doesn't say anything about salt
>> length, but the one example in it uses a 16 byte string as the salt.
>> That's more or less equal to the current default of 12 raw bytes, after
>> base64-encoding.
> 
> The example is
> 
>     S: r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,
>        s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096
> 
> That salt is 24 characters and 16 raw bytes.

Ah, I see, that's from the SCRAM-SHA-256 spec. I was looking at the 
example in the original SCRAM-SHA-1 spec:

S: r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,      i=4096

- Heikki

pgsql-hackers by date:

From: Dang Minh Huong
Date: 17 August 2017, 21:43:13
Subject: Re: [HACKERS] Extra Vietnamese unaccent rules

From: Tom Lane
Date: 17 August 2017, 22:15:58
Subject: Re: [HACKERS] pl/perl extension fails on Windows

Re: [HACKERS] SCRAM salt length - Mailing list pgsql-hackers

Previous

Next