Suggested changes to PurpleCipherOps and need for code review

Tomasz Wasilczyk tomkiewicz at
Wed May 1 11:36:02 EDT 2013

2013/5/1 Ethan Blanton <elb at>:
> Tomasz Wasilczyk spake unto us the following wisdom:
>> I'm also not sure about it. There are ciphers with constant
>> key/salt/whatever lengths (I guess, that current API was designed for
>> them), but it would be a good idea to double-check it here.
> (...) Salts, in particular, can be of arbitrary length
> in either case.  Check and make sure that "salt" doesn't mean "IV" in
> this case, though, because IVs are of length predetermined by the
> algorithm.

I was aware of salt used specifically in PBKDF2 algorithm - it may be
totally variable-length.

Anyway, I'm not sure, if length for IV should be provided or not. This
is constant length buffer, but may be still accidentally used with
buffer of wrong length (again, double checking).


More information about the Devel mailing list