Suggested changes to PurpleCipherOps and need for code review
Tomasz Wasilczyk
tomkiewicz at cpw.pidgin.im
Wed May 1 11:36:02 EDT 2013
2013/5/1 Ethan Blanton <elb at pidgin.im>:
> Tomasz Wasilczyk spake unto us the following wisdom:
>> I'm also not sure about it. There are ciphers with constant
>> key/salt/whatever lengths (I guess, that current API was designed for
>> them), but it would be a good idea to double-check it here.
>
> (...) Salts, in particular, can be of arbitrary length
> in either case. Check and make sure that "salt" doesn't mean "IV" in
> this case, though, because IVs are of length predetermined by the
> algorithm.
I was aware of salt used specifically in PBKDF2 algorithm - it may be
totally variable-length.
Anyway, I'm not sure, if length for IV should be provided or not. This
is constant length buffer, but may be still accidentally used with
buffer of wrong length (again, double checking).
Tomek
More information about the Devel
mailing list