Commitfe77741

committed

Increase SCRAM salt length

The original value 12 was set based on RFC 5802 for SCRAM-SHA-1, but RFC7677 for SCRAM-SHA-256 uses 16, so use that. (This does not affect thevalidity of already stored verifiers.)Discussion:https://www.postgresql.org/message-id/flat/12cc9297-7e05-932f-d863-765e5626ead4%402ndquadrant.com

1 parent1177ab1 commitfe77741Copy full SHA for fe77741

File tree

+10

-3

lines changed

+10

-3

lines changed

Lines changed: 10 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -28,10 +28,17 @@`
`28`	`28`	`*/`
`29`	`29`	`#defineSCRAM_RAW_NONCE_LEN18`
`30`	`30`
`31`		`-/* length of salt when generating new verifiers */`
`32`		`-#defineSCRAM_DEFAULT_SALT_LEN12`
	`31`	`+/*`
	`32`	`+ * Length of salt when generating new verifiers, in bytes. (It will be stored`
	`33`	`+ * and sent over the wire encoded in Base64.) 16 bytes is what the example in`
	`34`	`+ * RFC 7677 uses.`
	`35`	`+ */`
	`36`	`+#defineSCRAM_DEFAULT_SALT_LEN16`
`33`	`37`
`34`		`-/* default number of iterations when generating verifier */`
	`38`	`+/*`
	`39`	`+ * Default number of iterations when generating verifier. Should be at least`
	`40`	`+ * 4096 per RFC 7677.`
	`41`	`+ */`
`35`	`42`	`#defineSCRAM_DEFAULT_ITERATIONS4096`
`36`	`43`
`37`	`44`	`/*`

Comments

(0)