He Peter, > The SCRAM salt length is currently set as > > /* length of salt when generating new verifiers */ > #define SCRAM_DEFAULT_SALT_LEN 12 > > without further comment. > > I suspect that this length was chosen based on the example in RFC 5802 > (SCRAM-SHA-1) section 5. But the analogous example in RFC 7677 > (SCRAM-SHA-256) section 3 uses a length of 16. Should we use that instead?
Maybe this length was chosen just because it becomes a 16-characters string after base64encode. If I understand correctly RFC 5802 and RFC 7677 don't say much about the required or recommended length of the salt. I personally believe that 2^96 of possible salts is consistent with both RFCs and should be enough in practice. -- Best regards, Aleksander Alekseev
Description: PGP signature