git.postgresql.org Git - postgresql.git/commitdiff

git projects / postgresql.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1177ab1)
Increase SCRAM salt length
author Peter Eisentraut <peter_e@gmx.net>
2017年8月24日 18:04:28 +0000 (14:04 -0400)
committer Peter Eisentraut <peter_e@gmx.net>
2017年8月24日 18:04:28 +0000 (14:04 -0400)
The original value 12 was set based on RFC 5802 for SCRAM-SHA-1, but RFC
7677 for SCRAM-SHA-256 uses 16, so use that. (This does not affect the
validity of already stored verifiers.)

Discussion: https://www.postgresql.org/message-id/flat/12cc9297-7e05-932f-d863-765e5626ead4%402ndquadrant.com

src/include/common/scram-common.h patch | blob | blame | history

diff --git a/src/include/common/scram-common.h b/src/include/common/scram-common.h
index ebb733df4b39de4e456c92dcd2497f4049997a59..0c5ee04f263cc29e8bd1a7d238f8c2330c05129b 100644 (file)
--- a/src/include/common/scram-common.h
+++ b/src/include/common/scram-common.h
@@ -28,10 +28,17 @@
*/
#define SCRAM_RAW_NONCE_LEN 18
-/* length of salt when generating new verifiers */
-#define SCRAM_DEFAULT_SALT_LEN 12
+/*
+ * Length of salt when generating new verifiers, in bytes. (It will be stored
+ * and sent over the wire encoded in Base64.) 16 bytes is what the example in
+ * RFC 7677 uses.
+ */
+#define SCRAM_DEFAULT_SALT_LEN 16
-/* default number of iterations when generating verifier */
+/*
+ * Default number of iterations when generating verifier. Should be at least
+ * 4096 per RFC 7677.
+ */
#define SCRAM_DEFAULT_ITERATIONS 4096
/*
This is the main PostgreSQL git repository.
RSS Atom

AltStyle によって変換されたページ (->オリジナル) /