On 16 August 2017 at 14:10, Peter Eisentraut
> The SCRAM salt length is currently set as
> /* length of salt when generating new verifiers */
> #define SCRAM_DEFAULT_SALT_LEN 12
> without further comment.
> I suspect that this length was chosen based on the example in RFC 5802
> (SCRAM-SHA-1) section 5. But the analogous example in RFC 7677
> (SCRAM-SHA-256) section 3 uses a length of 16. Should we use that instead?
16 preferred, IMHO
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Sent via pgsql-hackers mailing list (firstname.lastname@example.org)
To make changes to your subscription: