On 08/17/2017 04:04 PM, Robert Haas wrote:
> On Wed, Aug 16, 2017 at 10:42 PM, Michael Paquier
> <michael.paquier@gmail.com> wrote:
>> In the initial discussions there was as well a mention about using 16 bytes.
>> https://www.postgresql.org/message-id/507550BD.2030401@vmware.com
>> As we are using SCRAM-SHA-256, let's bump it up and be consistent.
>> That's now or never.
>
> This was discussed and changed once before at
> https://www.postgresql.org/message-id/df8c6e27-4d8e-5281-96e5-131a4e638fc8@8kdata.com
Different thing. That was the nonce length, now we're talking about salt
length.
I think 2^96 is large enough. The RFC doesn't say anything about salt
length, but the one example in it uses a 16 byte string as the salt.
That's more or less equal to the current default of 12 raw bytes, after
base64-encoding.
On 08/17/2017 05:42 AM, Michael Paquier wrote:> That's now or never.
Not really. That constant is just the default to use when creating new
password verifiers, but the code can handle any salt length, and
different verifiers can have different lengths.
- Heikki
