Suggested changes to PurpleCipherOps and need for code review

Ethan Blanton elb at
Wed May 1 11:45:37 EDT 2013

Tomasz Wasilczyk spake unto us the following wisdom:
> 2013/5/1 Ethan Blanton <elb at>:
> > Tomasz Wasilczyk spake unto us the following wisdom:
> >> I'm also not sure about it. There are ciphers with constant
> >> key/salt/whatever lengths (I guess, that current API was designed for
> >> them), but it would be a good idea to double-check it here.
> >
> > (...) Salts, in particular, can be of arbitrary length
> > in either case.  Check and make sure that "salt" doesn't mean "IV" in
> > this case, though, because IVs are of length predetermined by the
> > algorithm.
> I was aware of salt used specifically in PBKDF2 algorithm - it may be
> totally variable-length.


> Anyway, I'm not sure, if length for IV should be provided or not. This
> is constant length buffer, but may be still accidentally used with
> buffer of wrong length (again, double checking).

Agreed, providing length for everything is perfectly reasonable.


More information about the Devel mailing list