Bug 27403 - Should PBKDF2 be allowed on non-multiple of 8 lengths for consistency? #32
Labels
Comments
|
Looking at RFC 2898 - the answer is no. PBKDF2 is defined as taking as input dkLen - intended length in octets of the derived key. This means that the algorithm itself says that odd numbers of bits are not supported. |
|
@jimsch It would still be possible for us to call the RFC2898 algorithm with a dkLen = ceil( length / 8 ) and then truncate. Wouldn't this be more consistent with ECDH ? |
|
I would prefer to make this match the algorithm definition rather than try and make this consistent. If people need this they can do the truncation themselves. I am more than willing to have the inconsistency. |
|
If there are no other comments, then I'll close this with no changes. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug 27403 from Bugzilla:
PBKDF2 throws an OperationError if length is not a multiple of 8 bits.
This seems inconsistent with deriveBits() for other algorithms, which simply truncate to the specified bit length (for instance ECDH and DH).
The text was updated successfully, but these errors were encountered: