Bug #5063
closedOpenSSL PKCS5 PBKDF2 implementation fails RFC6070 test.
Description
RFC6070 contains reference tests for the PKCS5 v2 PBKDF2 implementation in RFC2898. OpenSSL::PKCS5.pbkdf2_hmac_sha1 conforms to this standards in all of the reference tests, except for the last one:
OpenSSL::PKCS5.pbkdf2_hmac_sha1('pass\0word', 'sa\0lt', 4096, 16) is expected to return the hex sequence 56fa6aa75548099dcc37d7f03425e0c3, but this method is instead returning the hex sequence 0cfe84acf5601dd0ce1be822812056a4.
Note that you can output the raw hex value of the string using String#unpack and grabbing the first element in the return array like so:
OpenSSL::PKCS5.pbkdf2_hmac_sha1('pass\0word', 'sa\0lt', 4096, 16).unpack('H*')[0]
Or by using the secure_string gem's to_hex method like so:
SecureString.new(OpenSSL::PKCS5.pbkdf2_hmac_sha1('pass\0word', 'sa\0lt', 4096, 16)).to_hex
Links to RFCs:
http://tools.ietf.org/html/rfc2898
http://tools.ietf.org/html/rfc6070
Updated by Paploo (Jeff Reinecke) almost 13 years ago
RESOLVED: I accidentally tested with single quotes. My tests pass when I use the correct quotes.
Updated by drbrain (Eric Hodel) almost 13 years ago
- Status changed from Open to Rejected