Re: Password identifiers, protocol aging and SCRAM protocol

From: Victor Wagner <vitus(at)wagner(dot)pp(dot)ru>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Password identifiers, protocol aging and SCRAM protocol
Date: 2016-11-09 06:13:09
Message-ID: 20161109091309.6437a8b3@fafnir.local.vm
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, 18 Oct 2016 16:35:27 +0900
Michael Paquier <michael(dot)paquier(at)gmail(dot)com> wrote:

Hi
> Attached is a rebased patch set for SCRAM, with the following things:
> - 0001, moving all the SHA2 functions to src/common/ and introducing a
> PG-like interface. No actual changes here.

It seems, that client nonce generation in this patch is not
RFC-compliant.

RFC 5802 states that SCRAM nonce should be

a sequence of random printable ASCII
characters excluding ','

while this patch uses sequence of random bytes from pg_strong_random
function with zero byte appended.

It could cause following problems

1. If zero byte happens inside random sequence, nonce would be shorter
than expected, or even empty.

2. If one of bytes happens to be ASCII Code of comma, than server
to the client-first message, which includes copy of client nonce,
appended by server nonce,
as one of unquoted comman-separated field, would be parsed incorrectly.

Regards, Victor
--

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Michael Paquier 2016-11-09 06:23:11 Re: Password identifiers, protocol aging and SCRAM protocol
Previous Message Michael Paquier 2016-11-09 05:54:45 Re: [PATCH] Reload SSL certificates on SIGHUP