rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Increase SCRAM salt length 

The original value 12 was set based on RFC 5802 for SCRAM-SHA-1, but RFC
7677 for SCRAM-SHA-256 uses 16, so use that.  (This does not affect the
validity of already stored verifiers.)

Discussion: https://www.postgresql.org/message-id/flat/12cc9297-7e05-932f-d863-765e5626ead4%402ndquadrant.com
This commit is contained in:
Peter Eisentraut 2017-08-24 14:04:28 -04:00
parent 1177ab1dab
commit fe7774144d
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/include/common/scram-common.h
View File

@ -28,10 +28,17 @@
*/
#define SCRAM_RAW_NONCE_LEN 18
/* length of salt when generating new verifiers */
#define SCRAM_DEFAULT_SALT_LEN 12
/*
* Length of salt when generating new verifiers, in bytes. (It will be stored
* and sent over the wire encoded in Base64.) 16 bytes is what the example in
* RFC 7677 uses.
*/
#define SCRAM_DEFAULT_SALT_LEN 16
/* default number of iterations when generating verifier */
/*
* Default number of iterations when generating verifier. Should be at least
* 4096 per RFC 7677.
*/
#define SCRAM_DEFAULT_ITERATIONS 4096
/*