Page MenuHome GnuPG

Ensure minimum key length for KDF in FIPS mode
Closed, ResolvedPublic


NIST.SP.800-132 Section 5 mandates a minimum key length of 112 bit for the KDF . The proposed change adds an explicit check when running in FIPS mode to make sure this requirement is met.

Event Timeline

gniibe changed the task status from Open to Testing.Sep 27 2022, 6:34 AM
gniibe claimed this task.
gniibe triaged this task as Normal priority.
gniibe added a subscriber: gniibe.

Thank you for your report.

Applied and pushed.

The specs page 10 says specifically:

The kLen value shall be at least 112 bits in length.

Fixed in 1.10.2.