Pierre wrote:
> To understand the way the NSS library implements MD5AndDES-CBC and
> SHA1AndDES-CBC, we printed a huge quantity of traces.
> After several tests we found what is happening:
>
> 1. Before sending the password and the salt to SHA1 or MD5, the NSS
> library is adding a 0x00 value between the password and salt. So the
> NSS sends password||0||salt to the hash function.
> That's strange because in the RSA reference document about PKCS5, we
> read that password||salt must be sent to the hash function.
> Isn't it a bug? Is it the way the system is dealing with strings?

PKCS#12 specifies that a null (well, a double null since it's Unicode) must be considered part of the password. PKCS#5 v1.5 isn't clear on the matter but IIRC the examples of PKCS standards on RSA's site don't include the null. For PKCS#5 v2.0 (PBES2) some test vectors I posted to pkcs-tng (which have been independently verified by several people) and which are now included at: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html don't include a null.

> 2. When using SHA1 with DES-CBC, the SHA1 function is
> returning a 20 byte array. The NSS library seems to take the first 8
> bytes as the key and the last 8 bytes as the IV. Key and IV are used
> to initialise the DES algorithm.
> That's strange (again!) because in the RSA document we read that the
> first 8 bytes must be the key and the next 8 bytes (not the last) must
> be the IV.

Well, the description in PKCS#5 v1.5 says that the first eight octets are the key and the last eight are the IV. This doesn't matter because the only digests it uses are MD2 and MD5, which both produce 16 byte digests, and it only uses DES in CBC mode, which is an 8 byte key and 8 byte IV, so you get the same result whether you use the first or last 8 bytes for the IV. However, the PKCS#5 v2.0 description of PBES1 clearly states the first eight are the key and the next eight are the IV. It also includes SHA1 as a digest algorithm, which does make a difference.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED]
PGP key: via homepage.
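The two points in the thread (the extra null byte before the salt, and "next eight" versus "last eight" octets for the IV) can be made concrete with a small PBKDF1/PBES1 key-derivation routine. The following is an added example written for this page; it is not code from NSS, OpenSSL or the PKCS#5 documents. It implements PBKDF1 as PKCS#5 describes it (T1 = Hash(P||S), Ti = Hash(Ti-1)) with Python's hashlib, then splits the output into a DES key and IV under both readings and, optionally, with the 0x00 byte NSS was observed to insert. The password, salt and iteration count are constructed sample values, and the function names are this example's own. DES encryption itself is not shown; only the derivation of the key and IV is.

```python
import hashlib

# Constructed sample inputs (assumptions for this example, not values from the thread).
SAMPLE_PASSWORD = b"password"
SAMPLE_SALT = bytes([0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08])
SAMPLE_ITERATIONS = 1000


def pbkdf1(password: bytes, salt: bytes, iterations: int, hash_name: str) -> bytes:
    """PKCS#5 PBKDF1: T1 = Hash(P || S), Ti = Hash(Ti-1).

    Returns the whole final digest (16 bytes for MD5, 20 bytes for SHA-1) so the
    caller can choose how to slice it.
    """
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    t = hashlib.new(hash_name, password + salt).digest()
    for _ in range(iterations - 1):
        t = hashlib.new(hash_name, t).digest()
    return t


def pbes1_key_iv(password: bytes, salt: bytes, iterations: int, hash_name: str,
                 iv_from_end: bool = False, null_between: bool = False):
    """Derive a DES key and IV from a PBKDF1 output.

    iv_from_end=False: key = DK[0:8], IV = DK[8:16]  ("the next eight", PKCS#5 v2.0 PBES1 wording)
    iv_from_end=True:  key = DK[0:8], IV = DK[-8:]   ("the last eight", PKCS#5 v1.5 wording)
    null_between=True: hash password || 0x00 || salt, the behaviour Pierre observed in NSS
    """
    p = (password + b"\x00") if null_between else password
    dk = pbkdf1(p, salt, iterations, hash_name)
    key = dk[:8]
    iv = dk[-8:] if iv_from_end else dk[8:16]
    return key, iv


def split_readings_agree(hash_name: str, password: bytes = SAMPLE_PASSWORD,
                         salt: bytes = SAMPLE_SALT, iterations: int = SAMPLE_ITERATIONS) -> bool:
    """True when 'next eight' and 'last eight' yield the same (key, IV) for this digest.

    For a 16-byte digest (MD2/MD5) both readings coincide; for a 20-byte digest (SHA-1)
    the IV comes from bytes 8..15 in one reading and 12..19 in the other.
    """
    next_eight = pbes1_key_iv(password, salt, iterations, hash_name, iv_from_end=False)
    last_eight = pbes1_key_iv(password, salt, iterations, hash_name, iv_from_end=True)
    return next_eight == last_eight


def null_byte_changes_key(hash_name: str, password: bytes = SAMPLE_PASSWORD,
                          salt: bytes = SAMPLE_SALT, iterations: int = SAMPLE_ITERATIONS) -> bool:
    """True when inserting 0x00 between password and salt changes the derived key."""
    plain = pbes1_key_iv(password, salt, iterations, hash_name)
    with_null = pbes1_key_iv(password, salt, iterations, hash_name, null_between=True)
    return plain != with_null


if __name__ == "__main__":
    for h in ("md5", "sha1"):
        dk = pbkdf1(SAMPLE_PASSWORD, SAMPLE_SALT, SAMPLE_ITERATIONS, h)
        key, iv_next = pbes1_key_iv(SAMPLE_PASSWORD, SAMPLE_SALT, SAMPLE_ITERATIONS, h)
        _, iv_last = pbes1_key_iv(SAMPLE_PASSWORD, SAMPLE_SALT, SAMPLE_ITERATIONS, h, iv_from_end=True)
        print(f"{h}: DK={dk.hex()} ({len(dk)} bytes)")
        print(f"  key={key.hex()} iv(next 8)={iv_next.hex()} iv(last 8)={iv_last.hex()}")
        print(f"  readings agree: {split_readings_agree(h)}; null byte changes key: {null_byte_changes_key(h)}")
```

Running it shows the point Steve makes: with MD5 the two readings of the specification produce the same key and IV, with SHA-1 they produce different IVs, and in both cases the extra null byte yields an entirely different key, which is why an implementation that inserts it cannot interoperate with one that does not.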
