| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | use of the term "verifier" with SCRAM |
| Date: | 2019-08-14 05:59:16 |
| Message-ID: | be397b06-6e4b-ba71-c7fb-54cae84a7e18@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
I'm confused by how the code uses the term "verifier" in relation to SCRAM.
ISTM that the code uses the term as meaning whatever is or would be
stored in pg_auth.rolpassword.
I don't see this usage supported in the RFCs. In RFC 5802,
verifier = "v=" base64
;; base-64 encoded ServerSignature.
where
ServerSignature := HMAC(ServerKey, AuthMessage)
ServerKey := HMAC(SaltedPassword, "Server Key")
AuthMessage := client-first-message-bare + "," +
server-first-message + "," +
client-final-message-without-proof
whereas what is stored in rolpassword is
SCRAM-SHA-256$<iterations>:<salt>$<storedkey>:<serverkey>
where
StoredKey := H(ClientKey)
ClientKey := HMAC(SaltedPassword, "Client Key")
So while these are all related, I don't think it's accurate to call what
is in rolpassword a SCRAM "verifier".
RFC 5803 is titled "Lightweight Directory Access Protocol (LDAP) Schema
for Storing Salted Challenge Response Authentication Mechanism (SCRAM)
Secrets". Following that, I think calling the contents of rolpassword a
"secret" or a "stored secret" would be better.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Rowley | 2019-08-14 06:11:06 | Re: Custom table AMs need to include heapam.h because of BulkInsertState |
| Previous Message | Thomas Munro | 2019-08-14 05:24:26 | Re: BF failure: could not open relation with OID XXXX while querying pg_views |