From b577743000cd0974052af3a71770a23760423102 Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson
Date: Mon, 27 Mar 2023 09:46:29 +0200
Subject: Make SCRAM iteration count configurable

Replace the hardcoded value with a GUC such that the iteration count can be raised in order to increase protection against brute-force attacks. The hardcoded value for SCRAM iteration count was defined to be 4096, which is taken from RFC 7677, so set the default for the GUC to 4096 to match.

In RFC 7677 the recommendation is at least 15000 iterations but 4096 is listed as a SHOULD requirement given that it's estimated to yield a 0.5s processing time on a mobile handset of the time of RFC writing (late 2015).

Raising the iteration count of SCRAM will make stored passwords more resilient to brute-force attacks at a higher computational cost during connection establishment. Lowering the count will reduce computational overhead during connections at the tradeoff of reducing strength against brute-force attacks.

There are however platforms where even a modest iteration count yields a too high computational overhead, with weaker password encryption schemes chosen as a result. In these situations, SCRAM with a very low iteration count still gives benefits over weaker schemes like md5, so we allow the iteration count to be set to one at the low end.

The new GUC is intentionally generically named such that it can be made to support future SCRAM standards should they emerge. At that point the value can be made into key:value pairs with an undefined key as a default which will be backwards compatible with this.

Reviewed-by: Michael Paquier
Reviewed-by: Jonathan S. Katz
Discussion: https://postgr.es/m/F72E7BC7-189F-4B17-BF47-9735EB72C364@yesql.se
---
 doc/src/sgml/config.sgml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'doc/src')

diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 481f93cea1b..71730cc52fe 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml @@ -1132,6 +1132,26 @@ include_dir 'conf.d' + + scram_iterations (integer) + + scram_iterations configuration parameter + + + + + The number of computational iterations to be performed when encrypting + a password using SCRAM-SHA-256. The default is 4096. + A higher number of iterations provides additional protection against + brute-force attacks on stored passwords, but makes authentication + slower. Changing the value has no effect on existing passwords + encrypted with SCRAM-SHA-256 as the iteration count is fixed at the + time of encryption. In order to make use of a changed value, a new + password must be set. + + + + krb_server_keyfile (string) -- cgit v1.2.3
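Review bot: the new scram_iterations entry documents the default (4096) but not the accepted range, even though the commit message explicitly allows the count to go as low as one for platforms where SCRAM is otherwise too expensive; the parameter description should state the minimum and maximum and, since the message frames lowering the count as a strength tradeoff, say in the docs rather than only in the commit message that values below the default weaken protection against brute-force attacks on stored passwords. It would also help to cross-reference password_encryption, because the setting is only relevant when that parameter selects scram-sha-256, and to make the "no effect on existing passwords" sentence explicit that authentication time for those passwords is likewise unchanged, since the stored iteration count is what the authentication exchange uses.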