| From: | Victor Wagner <vitus(at)wagner(dot)pp(dot)ru> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Password identifiers, protocol aging and SCRAM protocol |
| Date: | 2016-11-09 06:13:09 |
| Message-ID: | 20161109091309.6437a8b3@fafnir.local.vm |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, 18 Oct 2016 16:35:27 +0900
Michael Paquier <michael(dot)paquier(at)gmail(dot)com> wrote:
Hi
> Attached is a rebased patch set for SCRAM, with the following things:
> - 0001, moving all the SHA2 functions to src/common/ and introducing a
> PG-like interface. No actual changes here.
It seems, that client nonce generation in this patch is not
RFC-compliant.
RFC 5802 states that SCRAM nonce should be
a sequence of random printable ASCII
characters excluding ','
while this patch uses sequence of random bytes from pg_strong_random
function with zero byte appended.
It could cause following problems
1. If zero byte happens inside random sequence, nonce would be shorter
than expected, or even empty.
2. If one of bytes happens to be ASCII Code of comma, than server
to the client-first message, which includes copy of client nonce,
appended by server nonce,
as one of unquoted comman-separated field, would be parsed incorrectly.
Regards, Victor
--
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2016-11-09 06:23:11 | Re: Password identifiers, protocol aging and SCRAM protocol |
| Previous Message | Michael Paquier | 2016-11-09 05:54:45 | Re: [PATCH] Reload SSL certificates on SIGHUP |