| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | Aleksander Alekseev <a(dot)alekseev(at)postgrespro(dot)ru> |
| Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SCRAM salt length |
| Date: | 2017-08-17 02:42:39 |
| Message-ID: | CAB7nPqRfy5M4TnbkMgk=muTJG-wzwyQkGwkS203LjhhpayMe8Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Aug 17, 2017 at 12:10 AM, Aleksander Alekseev
<a(dot)alekseev(at)postgrespro(dot)ru> wrote:
>> The SCRAM salt length is currently set as
>>
>> /* length of salt when generating new verifiers */
>> #define SCRAM_DEFAULT_SALT_LEN 12
>>
>> without further comment.
>>
>> I suspect that this length was chosen based on the example in RFC 5802
>> (SCRAM-SHA-1) section 5. But the analogous example in RFC 7677
>> (SCRAM-SHA-256) section 3 uses a length of 16. Should we use that instead?
In the initial discussions there was as well a mention about using 16 bytes.
https://www.postgresql.org/message-id/507550BD.2030401@vmware.com
As we are using SCRAM-SHA-256, let's bump it up and be consistent.
That's now or never.
> Maybe this length was chosen just because it becomes a 16-characters
> string after base64encode. If I understand correctly RFC 5802 and RFC
> 7677 don't say much about the required or recommended length of the
> salt.
Yep, it doesn't provide any recommendation.
> I personally believe that 2^96 of possible salts is consistent with both
> RFCs and should be enough in practice.
(12 bytes * 8) = 96, so you would favor 12 as length.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2017-08-17 02:56:47 | Re: Extra Vietnamese unaccent rules |
| Previous Message | Amit Langote | 2017-08-17 02:36:04 | Re: expanding inheritance in partition bound order |