Suggested changes to PurpleCipherOps and need for code review
Ethan Blanton
elb at pidgin.im
Wed May 1 11:45:37 EDT 2013
Tomasz Wasilczyk spake unto us the following wisdom:
> 2013/5/1 Ethan Blanton <elb at pidgin.im>:
> > Tomasz Wasilczyk spake unto us the following wisdom:
> >> I'm also not sure about it. There are ciphers with constant
> >> key/salt/whatever lengths (I guess, that current API was designed for
> >> them), but it would be a good idea to double-check it here.
> >
> > (...) Salts, in particular, can be of arbitrary length
> > in either case. Check and make sure that "salt" doesn't mean "IV" in
> > this case, though, because IVs are of length predetermined by the
> > algorithm.
>
> I was aware of salt used specifically in PBKDF2 algorithm - it may be
> totally variable-length.
Sure.
> Anyway, I'm not sure, if length for IV should be provided or not. This
> is constant length buffer, but may be still accidentally used with
> buffer of wrong length (again, double checking).
Agreed, providing length for everything is perfectly reasonable.
Ethan
More information about the Devel
mailing list