public inbox for [email protected]
help / color / mirror / Atom feedFrom: Jonathan S. Katz <[email protected]>
To: Jacob Champion <[email protected]>
To: Tom Lane <[email protected]>
Cc: Nathan Bossart <[email protected]>
Cc: Michael Paquier <[email protected]>
Cc: Alexander Lakhin <[email protected]>
Cc: pgsql-hackers <[email protected]>
Subject: Re: Should rolpassword be toastable?
Date: Thu, 3 Oct 2024 22:17:31 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAOYmi+mVJDy+ja1Un3PSZHq2G4PYq1A-ROfR-rSoOtN-PVK4XA@mail.gmail.com>
References: <[email protected]>
<[email protected]>
<Zuzh6Nq750L9BZn5@nathan>
<[email protected]>
<[email protected]>
<Zu2eT2H8OT3OXauc@nathan>
<[email protected]>
<Zu8r0oO0Vi0FxdpB@nathan>
<Zv8MTMy87pRlRqD_@nathan>
<[email protected]>
<Zv8X3YVzuPfh1Fht@nathan>
<[email protected]>
<CAOYmi+mVJDy+ja1Un3PSZHq2G4PYq1A-ROfR-rSoOtN-PVK4XA@mail.gmail.com>
On 10/3/24 7:29 PM, Jacob Champion wrote:
> On Thu, Oct 3, 2024 at 3:25 PM Tom Lane <[email protected]> wrote:
>>
>> Nathan Bossart <[email protected]> writes:
>>> I don't mind proceeding with the patch if there is strong support for it.
>>> I wavered only because it's hard to be confident that we are choosing the
>>> right limit.
>>
>> I'm not that fussed about it; surely 256 is more than anyone is using?
>> If not, we'll get push-back and then we can have a discussion about the
>> correct limit that's informed by more than guesswork.
>
> +1.
>
> Next up is probably SCRAM-SHA-512, which should still have smaller
> entries than that -- 222 bytes, I think, with 128-bit salts and a
> 5-digit iteration count?
The challenge is that salts can be an arbitrary length, even today (as
can the iterator value, though IIRC I think we check if it's in int
bounds, and a large iterator becomes pretty impractical for usage).
Probabalistically, it's unlikely there are many very large salts in the
wild (though I don't have data on that) and most folks are using the
default length, but that probability isn't 0.
I think Tom's initial suggestion (BLCKSZ/2) is better than 256, given we
really don't know what' out there in the wild, and this could end up
being a breaking change. Every other type in pg_authid is pretty small.
That said, I'm also imagining other things we may add that could require
TOAST support (remembering previous passwords? storing multiple
passwords options)?
Thanks,
Jonathan
Attachments:
[application/pgp-signature] OpenPGP_signature.asc (840B, ../[email protected]/2-OpenPGP_signature.asc)
download
view thread (17+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Should rolpassword be toastable?
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox