use of the term "verifier" with SCRAM - Mailing list pgsql-hackers

From Peter Eisentraut
Subject use of the term "verifier" with SCRAM
Date
Msg-id be397b06-6e4b-ba71-c7fb-54cae84a7e18@2ndquadrant.com
Whole thread Raw
Responses Re: use of the term "verifier" with SCRAM
List pgsql-hackers
I'm confused by how the code uses the term "verifier" in relation to SCRAM.

ISTM that the code uses the term as meaning whatever is or would be
stored in pg_auth.rolpassword.

I don't see this usage supported in the RFCs.  In RFC 5802,

    verifier        = "v=" base64
                    ;; base-64 encoded ServerSignature.

where

    ServerSignature := HMAC(ServerKey, AuthMessage)
    ServerKey       := HMAC(SaltedPassword, "Server Key")
    AuthMessage     := client-first-message-bare + "," +
                       server-first-message + "," +
                       client-final-message-without-proof

whereas what is stored in rolpassword is

    SCRAM-SHA-256$<iterations>:<salt>$<storedkey>:<serverkey>

where

    StoredKey       := H(ClientKey)
    ClientKey       := HMAC(SaltedPassword, "Client Key")

So while these are all related, I don't think it's accurate to call what
is in rolpassword a SCRAM "verifier".

RFC 5803 is titled "Lightweight Directory Access Protocol (LDAP) Schema
for Storing Salted Challenge Response Authentication Mechanism (SCRAM)
Secrets".  Following that, I think calling the contents of rolpassword a
"secret" or a "stored secret" would be better.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services



pgsql-hackers by date:

Previous
From: Thomas Munro
Date:
Subject: Re: BF failure: could not open relation with OID XXXX while querying pg_views
Next
From: David Rowley
Date:
Subject: Re: Custom table AMs need to include heapam.h because of BulkInsertState