| From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
|---|---|
| To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com>,Simon Riggs <simon(at)2ndquadrant(dot)com> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: On-disk format of SCRAM verifiers |
| Date: | 2017-04-21 13:42:21 |
| Message-ID: | 1A36BA21-A050-41FD-AD3C-87496FA1ED39@iki.fi |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 21 April 2017 16:20:56 EEST, Michael Paquier <michael(dot)paquier(at)gmail(dot)com> wrote:
>On Fri, Apr 21, 2017 at 10:02 PM, Simon Riggs <simon(at)2ndquadrant(dot)com>
>wrote:
>> On 21 April 2017 at 10:20, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
>wrote:
>>> But looking more closely, I think I misunderstood RFC 5803. It
>*does* in
>>> fact specify a single string format to store the verifier in. And
>the format
>>> looks like:
>>>
>>> SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey>
>>
>> Could you explain where you are looking? I don't see that in RFC5803
>
>From 1. Overview:
Yeah, it's not easy to see, I missed it earlier too. You have to look at RFC 5803 and RFC 3112 together. RFC 3112 says that the overall format is "<scheme>$<authInfo>$<authValue>", and RFC5803 says that for SCRAM, scheme is "SCRAM-SHA-256" (for our variant), authInfo is "<iteration count>:<salt>" and authValue is "<StoredKey>:<ServerKey>"
They really should've included examples in those RFCs.
- Heikki
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dagfinn Ilmari =?utf-8?Q?Manns=C3=A5ker?= | 2017-04-21 13:50:09 | Re: On-disk format of SCRAM verifiers |
| Previous Message | Simon Riggs | 2017-04-21 13:31:42 | Re: On-disk format of SCRAM verifiers |