pwstore icon indicating copy to clipboard operation
pwstore copied to clipboard
verified publisher icon PeterScott

pbkdf2 always throws an error with GHC 7.4.2

Open snakamura opened this issue 11 years ago • 2 comments

Just tried this snippet on GHCi 7.4.2, then it threw an error.

>>> :set -XOverloadedStrings
>>> import Crypto.PasswordStore
>>> salt <- genSaltIO
>>> pbkdf2 "test" salt 14
"*** Exception: Derived key too long.

It works fine with GHCi 7.6.3. Any ideas?

snakamura avatar Apr 23 '14 10:04 snakamura

Hi there,

this is merely the 1:1 translation from the rfc spec:

https://github.com/PeterScott/pwstore/blob/master/pwstore-fast/Crypto/PasswordStore.hs#L171

cfr this passage from the rfc:

  1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and stop.

https://tools.ietf.org/html/rfc2898

adinapoli avatar Dec 09 '14 07:12 adinapoli

I recommend closing this issue. Unless I'm crazy, both dkLen and hLen are set equal to each other at 32 before being passed to the helper function, so this check is degenerate anyway. (There's no recursion into the helper function, either.)

https://github.com/PeterScott/pwstore/blob/master/pwstore-fast/Crypto/PasswordStore.hs#L168

    let hLen = 32
        dkLen = hLen in go hLen dkLen
  where
    go hLen dkLen | dkLen > (2^32 - 1) * hLen = error "Derived key too long."
                  | otherwise =

chreekat avatar May 31 '16 22:05 chreekat