Skip to content

🔒 Add ScramAuthenticator#max_iterations (backports #654)#656

Merged
nevans merged 4 commits intov0.5-stablefrom
backport/v0.5/scram-maximum_iterations
Apr 22, 2026
Merged

🔒 Add ScramAuthenticator#max_iterations (backports #654)#656
nevans merged 4 commits intov0.5-stablefrom
backport/v0.5/scram-maximum_iterations

Conversation

@nevans
Copy link
Copy Markdown
Collaborator

@nevans nevans commented Apr 22, 2026

This backports #654 to v0.5-stable.

nevans added 4 commits April 22, 2026 18:16
@nevans
♻️ Assign ScramAuthenticator ivars in initialize
93ecf47
@nevans
⚡️ Memoize salted_password for AUTHENTICATE SCRAM
9b322a8 
`SASL::ScramAlgorithm` and `SASL::ScramAuthenticator` use
`salted_password` _at least_ twice: once to compute `client_key` and
once to compute `server_key`.  It is actually used more than that, since
`client_key` and `server_key` are also used multiple times each.
Computing `salted_password` is _intentionally_ computationally
expensive, so it should be cached.

Although `client_key` and `server_key` are far less computationally
expensive, they _are_ used multiple times, so they are memoized too.

Ultimately, we _could_ memoize most of the methods in `ScramAlgorithm`,
but I've decided to keep it simple by only memoizing these three.
@nevans
✅ Add test for ScramAuthenticator#min_iterations
c4f5529
@nevans
🔒 Add max_iterations to ScramAuthenticator
f803b30 
`max_iterations` enforces a maximum allowed iteration count.  A higher
number iterations will raise an error.

As noted in RFC5802 §9:
>>>
  A hostile server can perform a computational denial-of-service
  attack on clients by sending a big iteration count value.

Note that `OpenSSL::KDF.pbkdf2_hmac` is implemented by a blocking C
function, and cannot be interrupted by +Timeout+ or `Thread.raise`.  And
(as of v4.0 of the +openssl+ gem) it keeps the Global VM lock, so other
ruby threads will not be able to run either.

The default value is `2³¹ - 1`, the maximum signed 32-bit integer.  This
is large enough for the computation to take several minutes, and
insufficient protection against hostile servers.

_To prevent a denial of service attack,_ this must be set to a safe
value, based on user's hardware and version of OpenSSL.

_It is the user's responsibility_ to enforce minimum and maximum
iteration counts that are appropriate for their security context.
@nevans nevans added backport This issue or PR is for a stable release branch performance related to CPU use, memory use, latency, etc labels Apr 22, 2026
@nevans nevans merged commit 808001b into v0.5-stable Apr 22, 2026
46 checks passed
@nevans nevans deleted the backport/v0.5/scram-maximum_iterations branch April 22, 2026 22:45
@nevans nevans changed the title 🔒 Add ScramAuthenticator#max_iterations 🔒 Add ScramAuthenticator#max_iterations (backports #654) Apr 22, 2026
@nevans nevans added security vulnerability patch Pull requests that address security vulnerabilities SASL 🔒 Authentication and authentication mechanisms labels Apr 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backport This issue or PR is for a stable release branch performance related to CPU use, memory use, latency, etc SASL 🔒 Authentication and authentication mechanisms security vulnerability patch Pull requests that address security vulnerabilities

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nevans