On 04/10/2017 09:28 PM, Álvaro Hernández Tortosa wrote:
On 10/04/17 13:02, Heikki Linnakangas wrote:
On 04/10/2017 12:39 PM, Álvaro Hernández Tortosa wrote:
* The nonce length is not specified by the RFC. I see typical
implementations use 24 chars for the client and 18 for the server.
Current code uses 10. I think it should not hurt making it at least 16
Wouldn't hurt, I guess. IIRC I checked some other implementations,
when I picked 10, but I don't remember which ones anymore. Got a
reference for 24/18?
First reference is the RFC example itself (non-mandatory, of
course). But then I saw many followed this. As a quick example, GNU SASL
#define SNONCE_ENTROPY_BYTES 18
Ok, I bumped up the nonce lengths to 18 raw bytes. Thanks!
Sent via pgsql-hackers mailing list (email@example.com)
To make changes to your subscription: