[Mono-bugs] [Bug 372893] PasswordDeriveBytes.GetBytes() not producing expected output

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Fri Mar 21 10:24:10 EDT 2008 

https://bugzilla.novell.com/show_bug.cgi?id=372893

User spouliot at novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=372893#c1


Sebastien Pouliot <spouliot at novell.com> changed:

           What    |Removed                                         |Added
----------------------------------------------------------------------------
                 CC|                                                |spouliot at novell.com
             Status|NEW                                             |RESOLVED
         Resolution|                                                |WONTFIX




--- Comment #1 from Sebastien Pouliot <spouliot at novell.com>  2008-03-21 08:24:10 MST ---
Hello Drew,

You're in BIG trouble if you use this code (at least on MS platform). 

First MS "extended" PKCS#5 v1.5 outside it's secure limit (you should never ask
more bytes than what the hash function can provide - the standard ask
implementation to abort in such case). MS doesn't (abort) and Mono does not
either (for compatibility).

Second MS "extension" process is *buggy*. How ? have a look at what MS
outputs... (and note the values I aligned).

NET 2.0 Output:
key 12
key 252
key 122
key 125
   key 78
   key 182
   key 178
   key 145
key 136
key 24
key 114
key 225
key 94
key 103
key 178
key 85
   iv 78
   iv 182
   iv 178
   iv 145
iv 14
iv 96
iv 171
iv 186
iv 197
iv 27
iv 203
iv 82
iv 171
iv 228
iv 50
iv 180

Since your IV is generally public data you're leaking 4 bytes (32 bits) of your
key (in this case only 96 bits remains "safe" from this bug).

Mono does not duplicate this bug (so I'm closing this bug as WONTFIX).

You can find more details about this on
https://bugzilla.novell.com/show_bug.cgi?id=316364

Since you seem to be using .NET 2.0 I *strongly* recommend that you use the
Rfc2898DeriveBytes class, which implements PKCS#5 v2 and doesn't, at my
knowledge, have a similar issue.


-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the mono-bugs mailing list