On Thu, Aug 17, 2017 at 10:21 PM, Heikki Linnakangas <hlinn...@iki.fi> wrote: > On 08/17/2017 05:42 AM, Michael Paquier wrote: >> That's now or never. > > Not really. That constant is just the default to use when creating new > password verifiers, but the code can handle any salt length, and different > verifiers can have different lengths.
Indeed, fuzzy memory here. I thought that parse_scram_verifier() checked the salt length with the default value, but that's not the case. Perhaps at some point in the development there was a check of this kind.. -- Michael -- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers