Commit cf98e383 authored by Peter Eisentraut

Increase SCRAM salt length

The original value 12 was set based on RFC 5802 for SCRAM-SHA-1, but RFC
7677 for SCRAM-SHA-256 uses 16, so use that.  (This does not affect the
validity of already stored verifiers.)

Discussion: https://www.postgresql.org/message-id/flat/12cc9297-7e05-932f-d863-765e5626ead4%402ndquadrant.com
parent d51b0872
......@@ -28,10 +28,17 @@
*/
#define SCRAM_RAW_NONCE_LEN 18
/* length of salt when generating new verifiers */
#define SCRAM_DEFAULT_SALT_LEN 12
/*
* Length of salt when generating new verifiers, in bytes. (It will be stored
* and sent over the wire encoded in Base64.) 16 bytes is what the example in
* RFC 7677 uses.
*/
#define SCRAM_DEFAULT_SALT_LEN 16
/* default number of iterations when generating verifier */
/*
* Default number of iterations when generating verifier. Should be at least
* 4096 per RFC 7677.
*/
#define SCRAM_DEFAULT_ITERATIONS 4096
/*
......
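Review bot: The new comment on SCRAM_DEFAULT_SALT_LEN notes that the salt is stored and sent Base64-encoded but gives only the raw length; raising 12 bytes to 16 grows the encoded form from 16 to 24 characters, so the comment could state the encoded length, and it is worth confirming that every buffer holding the encoded salt is sized from this macro rather than from a literal. Separately, the reworded comment on SCRAM_DEFAULT_ITERATIONS says "Should be at least 4096", yet nothing in the visible lines enforces that floor if the define is lowered later; a compile-time check next to the define would turn the comment into a guarantee.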