On 08/17/2017 01:50 PM, Peter Eisentraut wrote: > On 8/17/17 12:10, Heikki Linnakangas wrote: >> On 08/17/2017 05:23 PM, Peter Eisentraut wrote: >>> On 8/17/17 09:21, Heikki Linnakangas wrote: >>>> The RFC doesn't say anything about salt >>>> length, but the one example in it uses a 16 byte string as the salt. >>>> That's more or less equal to the current default of 12 raw bytes, after >>>> base64-encoding. >>> >>> The example is >>> >>> S: r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0, >>> s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096 >>> >>> That salt is 24 characters and 16 raw bytes. >> >> Ah, I see, that's from the SCRAM-SHA-256 spec. I was looking at the >> example in the original SCRAM-SHA-1 spec: >> >> S: r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92, >> i=4096 > > Hence my original inquiry: "I suspect that this length was chosen based > on the example in RFC 5802 (SCRAM-SHA-1) section 5. But the analogous > example in RFC 7677 (SCRAM-SHA-256) section 3 uses a length of 16. > Should we use that instead?"
Unless there is some significant downside to using 16 byte salt, that would be my vote. Joe -- Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development
Description: OpenPGP digital signature