Increase SCRAM salt length
The original value 12 was set based on RFC 5802 for SCRAM-SHA-1, but RFC 7677 for SCRAM-SHA-256 uses 16, so use that. (This does not affect the validity of already stored verifiers.) Discussion: https://www.postgresql.org/message-id/flat/12cc9297-7e05-932f-d863-765e5626ead4%402ndquadrant.com
This commit is contained in:
parent
1177ab1dab
commit
fe7774144d
|
@ -28,10 +28,17 @@
|
|||
*/
|
||||
#define SCRAM_RAW_NONCE_LEN 18
|
||||
|
||||
/* length of salt when generating new verifiers */
|
||||
#define SCRAM_DEFAULT_SALT_LEN 12
|
||||
/*
|
||||
* Length of salt when generating new verifiers, in bytes. (It will be stored
|
||||
* and sent over the wire encoded in Base64.) 16 bytes is what the example in
|
||||
* RFC 7677 uses.
|
||||
*/
|
||||
#define SCRAM_DEFAULT_SALT_LEN 16
|
||||
|
||||
/* default number of iterations when generating verifier */
|
||||
/*
|
||||
* Default number of iterations when generating verifier. Should be at least
|
||||
* 4096 per RFC 7677.
|
||||
*/
|
||||
#define SCRAM_DEFAULT_ITERATIONS 4096
|
||||
|
||||
/*
|
||||
|
|
Loading…
Reference in New Issue