Require at least 4096 iterations for password derivation in SCRAM whe…

…n password is not empty as per the SCRAM RFC. The server current requests only 1 iteration for accounts with an empty password, but 4096 iterations for accounts with a password.
pixelspark · May 1, 2016 · af01783 · af01783
1 parent d4a7502
commit af01783
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/Rethink/SCRAM.m b/Rethink/SCRAM.m
@@ -291,7 +291,11 @@ - (NSString*) clientFinalMessage {
 
 - (BOOL) calculateProofs {
 	// Check to see that we have a password, salt and iteration count above 4096 (from RFC5802)
-	if(!self.salt.length /* || self.count.unsignedIntegerValue < 4096 */) {
+	if(!self.salt.length) {
+		return NO;
+	}
+
+	if(self.password.length > 0 && self.count.integerValue < 4096) {
 		return NO;
 	}