https://bugzilla.novell.com/show_bug.cgi?id=372893

User [EMAIL PROTECTED] added comment
https://bugzilla.novell.com/show_bug.cgi?id=372893#c1


Sebastien Pouliot <[EMAIL PROTECTED]> changed:

           What    |Removed                                         |Added
----------------------------------------------------------------------------
                 CC|                                                |[EMAIL PROTECTED]
             Status|NEW                                             |RESOLVED
         Resolution|                                                |WONTFIX




--- Comment #1 from Sebastien Pouliot <[EMAIL PROTECTED]>  2008-03-21 08:24:10 MST ---
Hello Drew,

You're in BIG trouble if you use this code (at least on MS platform). 

First MS "extended" PKCS#5 v1.5 outside its secure limit (you should never ask
for more bytes than what the hash function can provide - the standard asks
implementations to abort in such a case). MS doesn't (abort) and Mono does not
either (for compatibility).

Second MS "extension" process is *buggy*. How? Have a look at what MS
outputs... (and note the values I aligned).

NET 2.0 Output:
key 12
key 252
key 122
key 125
   key 78
   key 182
   key 178
   key 145
key 136
key 24
key 114
key 225
key 94
key 103
key 178
key 85
   iv 78
   iv 182
   iv 178
   iv 145
iv 14
iv 96
iv 171
iv 186
iv 197
iv 27
iv 203
iv 82
iv 171
iv 228
iv 50
iv 180

Since your IV is generally public data you're leaking 4 bytes (32 bits) of your
key (in this case only 96 bits remain "safe" from this bug).

Mono does not duplicate this bug (so I'm closing this bug as WONTFIX).

You can find more details about this on
https://bugzilla.novell.com/show_bug.cgi?id=316364

Since you seem to be using .NET 2.0 I *strongly* recommend that you use the
Rfc2898DeriveBytes class, which implements PKCS#5 v2 and doesn't, to my
knowledge, have a similar issue.


_______________________________________________
mono-bugs maillist  -  mono-bugs@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-bugs
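
Added example (not part of the original bug comment and not Mono or Microsoft code): a Python check that finds the key bytes repeated in the IV in the .NET 2.0 output quoted above, and a key/IV derivation through PBKDF2 (PKCS#5 v2). The function names, the password, salt and iteration count, and the choice of HMAC-SHA1 are assumptions made for illustration.

```python
import hashlib

# Byte values copied from the "NET 2.0 Output" listing in the comment above.
NET20_KEY = bytes([12, 252, 122, 125, 78, 182, 178, 145,
                   136, 24, 114, 225, 94, 103, 178, 85])
NET20_IV = bytes([78, 182, 178, 145, 14, 96, 171, 186,
                  197, 27, 203, 82, 171, 228, 50, 180])


def longest_shared_run(key, iv):
    """Return (key_offset, iv_offset, length) of the longest byte run found in both."""
    best = (0, 0, 0)
    prev = [0] * (len(iv) + 1)  # run lengths from the previous key position
    for i in range(1, len(key) + 1):
        cur = [0] * (len(iv) + 1)
        for j in range(1, len(iv) + 1):
            if key[i - 1] == iv[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best[2]:
                    best = (i - cur[j], j - cur[j], cur[j])
        prev = cur
    return best


def key_bits_exposed(key, iv, min_run=4):
    """Key bits disclosed by a public IV; runs under min_run bytes count as chance."""
    length = longest_shared_run(key, iv)[2]
    return 8 * length if length >= min_run else 0


def derive_key_iv_pbkdf2(password, salt, iterations, key_len=16, iv_len=16):
    """Derive key and IV from one PBKDF2 (PKCS#5 v2) output stream, then split it."""
    block = hashlib.pbkdf2_hmac("sha1", password, salt, iterations, key_len + iv_len)
    return block[:key_len], block[key_len:]


if __name__ == "__main__":
    print(longest_shared_run(NET20_KEY, NET20_IV))
    print(key_bits_exposed(NET20_KEY, NET20_IV))
    # Constructed password, salt and iteration count, for illustration only.
    key, iv = derive_key_iv_pbkdf2(b"example password", b"constructed-salt", 10000)
    print(key_bits_exposed(key, iv))
```

The same check can be run over any derived key/IV pair before the IV is published alongside ciphertext.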