On 21 April 2017 16:20:56 EEST, Michael Paquier <michael.paqu...@gmail.com> wrote: >On Fri, Apr 21, 2017 at 10:02 PM, Simon Riggs <si...@2ndquadrant.com> >wrote: >> On 21 April 2017 at 10:20, Heikki Linnakangas <hlinn...@iki.fi> >wrote: >>> But looking more closely, I think I misunderstood RFC 5803. It >*does* in >>> fact specify a single string format to store the verifier in. And >the format >>> looks like: >>> >>> SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey> >> >> Could you explain where you are looking? I don't see that in RFC5803 > >From 1. Overview:
Yeah, it's not easy to see, I missed it earlier too. You have to look at RFC 5803 and RFC 3112 together. RFC 3112 says that the overall format is "<scheme>$<authInfo>$<authValue>", and RFC5803 says that for SCRAM, scheme is "SCRAM-SHA-256" (for our variant), authInfo is "<iteration count>:<salt>" and authValue is "<StoredKey>:<ServerKey>" They really should've included examples in those RFCs. - Heikki -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers