-
Notifications
You must be signed in to change notification settings - Fork 83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ykchalresp returns the same response for 2 different challenges #174
Comments
Did some debugging, it seems data sent to the YubiKey is actually different as expected:
Notice:
vs
In last line. So it seems YubiKey actually hashes only 63 bytes of input, not 64 bytes? |
This depends on how the YubiKey was configured, if the flag HMAC_LT64 is set the YubiKey will hash up to 63 bytes, considering byte 64 (and additional identical bytes from the end) as padding. If that flag is not set 64 bytes is hashed. |
Thanks for the reference @klali. It all make sense now, but I still find it confusing. Is there a way |
I'm also trying to find the limitations of not setting the |
This is correct, |
Thanks for the explanation. I guess this can be closed now 👍 |
Running the following script to reproduce:
Produces the following result:
You can see that in first 2 cases, the given response is the same, where it should be different. Testing against
openssl
, specifically:Gives different result properly.
There seems to be something wrong with boundary checking of input I suppose.
The text was updated successfully, but these errors were encountered: