Home > mailing lists

Re: [HACKERS] SCRAM salt length - Mailing list pgsql-hackers

From	Heikki Linnakangas
Subject	Re: [HACKERS] SCRAM salt length
Date	August 17, 2017 19:21:43
Msg-id	f56a14b2-2367-7701-a73a-770ab2a7524f@iki.fi Whole thread Raw
In response to	Re: [HACKERS] SCRAM salt length (Robert Haas <robertmhaas@gmail.com>)
Responses	Re: [HACKERS] SCRAM salt length (Robert Haas <robertmhaas@gmail.com>) Re: [HACKERS] SCRAM salt length (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>) Re: [HACKERS] SCRAM salt length (Michael Paquier <michael.paquier@gmail.com>)
List	pgsql-hackers

Tree view

On 08/17/2017 04:04 PM, Robert Haas wrote:
> On Wed, Aug 16, 2017 at 10:42 PM, Michael Paquier
> <michael.paquier@gmail.com> wrote:
>> In the initial discussions there was as well a mention about using 16 bytes.
>> https://www.postgresql.org/message-id/507550BD.2030401@vmware.com
>> As we are using SCRAM-SHA-256, let's bump it up and be consistent.
>> That's now or never.
> 
> This was discussed and changed once before at
> https://www.postgresql.org/message-id/df8c6e27-4d8e-5281-96e5-131a4e638fc8@8kdata.com

Different thing. That was the nonce length, now we're talking about salt 
length.

I think 2^96 is large enough. The RFC doesn't say anything about salt 
length, but the one example in it uses a 16 byte string as the salt. 
That's more or less equal to the current default of 12 raw bytes, after 
base64-encoding.

On 08/17/2017 05:42 AM, Michael Paquier wrote:> That's now or never.

Not really. That constant is just the default to use when creating new 
password verifiers, but the code can handle any salt length, and 
different verifiers can have different lengths.

- Heikki

pgsql-hackers by date:

From: Robert Haas
Date: 17 August 2017, 19:04:13
Subject: Re: [HACKERS] SCRAM salt length

From: Erik Rijkers
Date: 17 August 2017, 19:34:43
Subject: [HACKERS] changed column-count breaks pdf build

Re: [HACKERS] SCRAM salt length - Mailing list pgsql-hackers

Previous

Next