Project

General

Profile

Actions
Copy link

Bug #5063

closed

OpenSSL PKCS5 PBKDF2 implementation fails RFC6070 test.

Added by Paploo (Jeff Reinecke) over 12 years ago. Updated over 12 years ago.

Status:
Rejected
Assignee:
-
Target version:
-
ruby -v:
ruby 1.9.2p180 (2011-02-18 revision 30909) [x86_64-darwin10.7.0]
Backport:
[ruby-core:38274]

Description

RFC6070 contains reference tests for the PKCS5 v2 PBKDF2 implementation in RFC2898. OpenSSL::PKCS5.pbkdf2_hmac_sha1 conforms to this standards in all of the reference tests, except for the last one:

OpenSSL::PKCS5.pbkdf2_hmac_sha1('pass\0word', 'sa\0lt', 4096, 16) is expected to return the hex sequence 56fa6aa75548099dcc37d7f03425e0c3, but this method is instead returning the hex sequence 0cfe84acf5601dd0ce1be822812056a4.

Note that you can output the raw hex value of the string using String#unpack and grabbing the first element in the return array like so:
OpenSSL::PKCS5.pbkdf2_hmac_sha1('pass\0word', 'sa\0lt', 4096, 16).unpack('H*')[0]
Or by using the secure_string gem's to_hex method like so:
SecureString.new(OpenSSL::PKCS5.pbkdf2_hmac_sha1('pass\0word', 'sa\0lt', 4096, 16)).to_hex

Links to RFCs:
http://tools.ietf.org/html/rfc2898
http://tools.ietf.org/html/rfc6070

Actions
Copy link
 #1 [ruby-core:38275]

Updated by Paploo (Jeff Reinecke) over 12 years ago

RESOLVED: I accidentally tested with single quotes. My tests pass when I use the correct quotes.

Actions
Copy link
 #2 [ruby-core:38278]

Updated by drbrain (Eric Hodel) over 12 years ago

  • Status changed from Open to Rejected
Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0