I now realize this may have been ignored simply because the clock
on the sending machine was horribly off and many people sort mail
by date. So... Should this go in? Am I missing something?
On Thu, Apr 30, 2015 at 06:03:23PM -0400, Jean-Philippe Ouellet wrote:
> The intermediate values calculated in hmac_sha1 as part of
> pkcs5_pbkdf2 are not zeroed afterwards, so we leak a single-hashed
> version of the key on the stack in tk[].
>
> Also, the correct RFC defining this is
> RFC 2104 - HMAC: Keyed-Hashing for Message Authentication
> not
> RFC 2202 - Test Cases
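
An added sketch of the issue described above, not code from the original post or from the patch it refers to: an RFC 2104 HMAC-SHA1 in which the hashed key tk[] and the other key-derived stack buffers are cleared before returning. The helper wipe(), the MAXTEXT bound and the one-shot sha1() are assumptions made to keep the example self-contained.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define BLK 64      /* SHA-1 block size */
#define DIG 20      /* SHA-1 digest size */
#define MAXTEXT 256 /* assumption: message bound for this sketch */

/* Volatile stores keep the compiler from dropping the clear as dead code;
 * explicit_bzero(3) does the same job where it is available. */
static void wipe(void *p, size_t n) { volatile uint8_t *v = p; while (n--) *v++ = 0; }
static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

/* One-shot SHA-1 (FIPS 180-4), padding on the fly. */
static void sha1(const uint8_t *m, size_t len, uint8_t out[DIG]) {
    uint32_t h[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0}, w[80];
    size_t total = ((len + 8) / BLK + 1) * BLK;   /* padded length */
    for (size_t off = 0; off < total; off += BLK) {
        memset(w, 0, 64);
        for (size_t i = 0; i < BLK; i++) {
            size_t p = off + i;
            uint8_t v = p < len ? m[p] : p == len ? 0x80 : 0;
            if (p >= total - 8) v = (uint8_t)(((uint64_t)len * 8) >> (8 * (total - 1 - p)));
            w[i / 4] |= (uint32_t)v << (24 - 8 * (i % 4));
        }
        for (int i = 16; i < 80; i++) w[i] = rol(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
        uint32_t a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
        for (int i = 0; i < 80; i++) {
            uint32_t f = i < 20 ? (b & c) | (~b & d) : i < 40 || i >= 60 ? b ^ c ^ d : (b & c) | (b & d) | (c & d);
            uint32_t k = i < 20 ? 0x5A827999 : i < 40 ? 0x6ED9EBA1 : i < 60 ? 0x8F1BBCDC : 0xCA62C1D6;
            uint32_t t = rol(a, 5) + f + e + k + w[i];
            e = d; d = c; c = rol(b, 30); b = a; a = t;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    }
    for (int i = 0; i < DIG; i++) out[i] = (uint8_t)(h[i / 4] >> (24 - 8 * (i % 4)));
    wipe(w, sizeof w); wipe(h, sizeof h);
}

/* HMAC-SHA1 per RFC 2104. Returns 0, or -1 if text exceeds MAXTEXT. */
int hmac_sha1(const uint8_t *text, size_t tlen, const uint8_t *key, size_t klen, uint8_t mac[DIG]) {
    uint8_t tk[DIG], pad[BLK], inner[DIG], buf[BLK + MAXTEXT];
    if (tlen > MAXTEXT) return -1;
    if (klen > BLK) { sha1(key, klen, tk); key = tk; klen = DIG; } /* tk = H(key) */
    memset(pad, 0x36, BLK);
    for (size_t i = 0; i < klen; i++) pad[i] ^= key[i];            /* K xor ipad */
    memcpy(buf, pad, BLK); memcpy(buf + BLK, text, tlen); sha1(buf, BLK + tlen, inner);
    for (size_t i = 0; i < BLK; i++) pad[i] ^= 0x36 ^ 0x5c;        /* K xor opad */
    memcpy(buf, pad, BLK); memcpy(buf + BLK, inner, DIG); sha1(buf, BLK + DIG, mac);
    /* tk, the pads and the inner digest are all key-derived: clear them. */
    wipe(tk, sizeof tk); wipe(pad, sizeof pad); wipe(inner, sizeof inner); wipe(buf, sizeof buf);
    return 0;
}
```

The tk[] path is only taken for keys longer than the 64-byte block, so a test for it needs a long key such as the 80-byte one in RFC 2202 test case 6.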