On Tue, Dec 20, 2022 at 08:45:29PM -0500, Jonathan S. Katz wrote:
> On 12/20/22 2:25 AM, Michael Paquier wrote:
>> 4) The case of MD5 is something that looks a bit tricky at quick
>> glance. We know that if the role has a MD5 password stored, we will
>> fail anyway. So we could just advertise
On 12/20/22 2:25 AM, Michael Paquier wrote:
On Tue, Dec 20, 2022 at 08:58:38AM +0900, Michael Paquier wrote:
Thanks! I have applied for I have here.. There are other pieces to
think about in this area.
FYI, I have spent a few hours looking at the remaining parts of the
SCRAM code that could
On Tue, Dec 20, 2022 at 08:58:38AM +0900, Michael Paquier wrote:
> Thanks! I have applied for I have here.. There are other pieces to
> think about in this area.
FYI, I have spent a few hours looking at the remaining parts of the
SCRAM code that could be simplified if a new hash method is
On Mon, Dec 19, 2022 at 02:58:24PM -0500, Jonathan S. Katz wrote:
> With the assertion in "scram_build_secret", that value is set from the
> "PG_SHA256" constant anyway, so I don't know if it actually gives us
> anything other than a reminder? With "scram_mock"salt" the value ultimately
> comes
On 12/16/22 10:08 PM, Michael Paquier wrote:
On Thu, Dec 15, 2022 at 04:59:52AM +0900, Michael Paquier wrote:
However, that's only half of the picture. The key length and the hash
type (or just the hash type to know what's the digest/key length to
use but that's more invasive) still need to be
On Thu, Dec 15, 2022 at 04:59:52AM +0900, Michael Paquier wrote:
> However, that's only half of the picture. The key length and the hash
> type (or just the hash type to know what's the digest/key length to
> use but that's more invasive) still need to be sent across the
> internal routines of
On Wed, Dec 14, 2022 at 02:39:43PM +0100, Peter Eisentraut wrote:
> On 14.12.22 03:38, Michael Paquier wrote:
>> While investigating on what it would take to extend SCRAM to use new
>> hash methods (say like the RFC draft for SCRAM-SHA-512), I have been
>> quickly reminded of the limitations
On 14.12.22 03:38, Michael Paquier wrote:
This patch passes check-world and the CI is green. I have tested as
well the patch with SCRAM verifiers coming from a server initially on
HEAD, so it looks pretty solid seen from here, being careful of memory
leaks in the frontend, mainly.
The changes
Hi all,
(Adding Daniel and Jonathan per recent threads)
While investigating on what it would take to extend SCRAM to use new
hash methods (say like the RFC draft for SCRAM-SHA-512), I have been
quickly reminded of the limitations created by SCRAM_KEY_LEN, which is
the key length that we use in