From d34c9569af1c230c3ee52cef18aadf7d10bdf563 Mon Sep 17 00:00:00 2001 From: lloyd Date: Sat, 21 Aug 2010 20:02:19 +0000 Subject: Turns out OpenSSL's implementation of PBKDF2 allows empty passphrases, so for compatibility with keys that were encrypted with an empty passphrase we probably want to support it as well. In PBKDF2, don't reject empty passphrases out of hand; simply call set_key and if the underlying MAC cannot use the key, throw an informative exception. This will also be more helpful in the case that someone tries using another MAC (say, CMAC) with a block cipher that only supports keys of specific sizes. In HMAC, allow zero-length keys. This is not really optimal in the sense of allowing the user to do something dumb, but a 1 byte key would be pretty dumb as well and we already allowed that. Add a test vector using an empty passphrase generated by OpenSSL --- doc/log.txt | 1 + 1 file changed, 1 insertion(+) (limited to 'doc') diff --git a/doc/log.txt b/doc/log.txt index 7f7076a4b..f0982039d 100644 --- a/doc/log.txt +++ b/doc/log.txt @@ -2,6 +2,7 @@ * 1.9.11-dev, ????-??-?? - Switch default PKCS #8 encryption algorithm from AES-128 to AES-256 - Use smaller tables in the first round of AES + - Allow using PBKDF2 with empty passphrases * 1.9.10, 2010-08-12 - Add a constant time AES implementation using SSSE3 -- cgit v1.2.3
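Review bot: the added log entry `- Allow using PBKDF2 with empty passphrases` under 1.9.11-dev records only the PBKDF2 half of the change. The commit message also says HMAC now allows zero-length keys, which is a user-visible relaxation of key validation and deserves its own line, for example `- Allow zero-length keys in HMAC`. The entry could also state that the change exists for compatibility with keys OpenSSL encrypted under an empty passphrase, since that is the reason the message gives for accepting one. This view is limited to 'doc', so the PBKDF2, HMAC and test-vector changes described in the message cannot be checked against the log entry here.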