From: | Victor Wagner <vitus(at)wagner(dot)pp(dot)ru> |
---|---|
To: | PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Password identifiers, protocol aging and SCRAM protocol |
Date: | 2016-11-09 06:59:27 |
Message-ID: | 20161109095927.701c32e8@fafnir.local.vm |
Lists: | pgsql-hackers |
On Wed, 9 Nov 2016 15:23:11 +0900
Michael Paquier <michael(dot)paquier(at)gmail(dot)com> wrote:
>
> (This is about patch 0007, not 0001)
> Thanks, you are right. That's not good as-is. So this basically means
> that the characters here should be from 32 to 127 included.

Really, the most important thing is to exclude the comma from the list of
allowed characters. And this prevents us from using a range.

I'd do something like:

    /* the "..." in the alphabet is elided as posted in the mail */
    const char printables[] = "0123456789ABCDE...xyz!@#*&+";
    unsigned int r;
    int i;

    for (i = 0; i < SCRAM_NONCE_SIZE; i++) {
        pg_strong_random(&r, sizeof(unsigned int));
        /* -1 is here to exclude terminating zero byte */
        nonce[i] = printables[r % (sizeof(printables) - 1)];
    }

> generate_nonce needs just to be made smarter in the way it selects the
> character bytes.
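
A nonce generator along the lines discussed in this message, as an added example that is not code from the thread or from the PostgreSQL patch. It goes beyond the sketch above by drawing from the full RFC 5802 "printable" set (0x21-0x7E except the comma) and by using rejection sampling so that the modulo step introduces no bias; strong_random() is an assumed stand-in for pg_strong_random() that reads /dev/urandom.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define ALPHABET_SIZE 93        /* 0x21..0x7E is 94 characters, minus ',' */

/* Assumed stand-in for pg_strong_random(): fill buf from /dev/urandom. */
static bool
strong_random(void *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    bool ok;

    if (f == NULL)
        return false;
    ok = (fread(buf, 1, len, f) == len);
    fclose(f);
    return ok;
}

/* Map an index 0..92 to a printable character, skipping the comma. */
static char
nonce_char(unsigned int k)
{
    char c = (char) (0x21 + k);

    return (c >= ',') ? (char) (c + 1) : c;
}

/*
 * Fill out[0..len-1] with nonce characters and NUL-terminate it.
 * out must hold len + 1 bytes.  Returns false if the random source fails.
 */
bool
generate_nonce(char *out, size_t len)
{
    size_t i = 0;
    unsigned char buf[32];

    while (i < len)
    {
        if (!strong_random(buf, sizeof(buf)))
            return false;
        for (size_t j = 0; j < sizeof(buf) && i < len; j++)
        {
            /* Rejection sampling: 186 = 2 * 93, so bytes 186..255 are discarded. */
            if (buf[j] < 2 * ALPHABET_SIZE)
                out[i++] = nonce_char(buf[j] % ALPHABET_SIZE);
        }
    }
    out[len] = '\0';
    return true;
}
```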