
SCRYPT does not work in FIPS mode
Closed, Resolved, Public


PBKDF2 does not allow low iteration counts (<1000) in FIPS mode, as required by SP 800-132 sec 5.2, p.6, since f4a861f3e5ae82f278284061e4829c03edf9c3a7. But a side effect of this change is that the SCRYPT KDF fails this test, as it runs PBKDF2 with 1 iteration internally.

This is not an issue for the certification, as SCRYPT is not FIPS approved, but given that the KDFs use the FIPS service indicator using GCRYCTL_FIPS_SERVICE_INDICATOR_KDF, it should keep working.

My proposal would be moving the checks out of _gcry_kdf_pkdf2() to _gcry_kdf_derive() to make them effective only for the "external callers", but there might be better ways. What do you think?


master, 1.10.x

Event Timeline

werner triaged this task as Normal priority. May 30 2023, 1:42 PM
gniibe changed the task status from Open to Testing. Jun 16 2023, 8:11 AM
gniibe claimed this task.
gniibe added a subscriber: gniibe.

Fixed in both the master and 1.10 branches.

Also, I fixed the bench-slope test program (in FIPS mode) for KDF.

Possibly, it would be good for SCRYPT to be supported by the gcry_kdf_open/compute/final/close API, so that we can take advantage of the many cores of modern computers.
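
The check placement proposed in the task description, as an added Python sketch that is not libgcrypt code and not part of the original thread: the 1000-iteration FIPS minimum sits in the public entry point, so scrypt's internal one-iteration PBKDF2-HMAC-SHA256 calls still succeed. The names `kdf_derive`, `_pbkdf2`, `_scrypt` and the `fips` flag are hypothetical stand-ins for `_gcry_kdf_derive()`, `_gcry_kdf_pkdf2()` and the library's FIPS state.

```python
# Added illustration; kdf_derive/_pbkdf2/_scrypt and `fips` are stand-ins, not libgcrypt code.
import hashlib, struct
M = 0xFFFFFFFF
QUARTERS = [(0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11),  # columns
            (0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14)]  # rows

def _salsa20_8(block):
    x = struct.unpack("<16I", block)
    w = list(x)
    for _ in range(4):  # 4 double rounds = Salsa20/8
        for a, b, c, d in QUARTERS:
            for t, u, v, n in ((b, a, d, 7), (c, b, a, 9), (d, c, b, 13), (a, d, c, 18)):
                s = (w[u] + w[v]) & M
                w[t] ^= ((s << n) | (s >> (32 - n))) & M
    return struct.pack("<16I", *((p + q) & M for p, q in zip(x, w)))

def _xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))
def _blockmix(B):
    x, y = B[-64:], []
    for i in range(0, len(B), 64):
        x = _salsa20_8(_xor(x, B[i:i + 64]))
        y.append(x)
    return b"".join(y[0::2] + y[1::2])  # even-indexed blocks, then odd-indexed
def _romix(B, N):
    V = []
    for _ in range(N):
        V.append(B)
        B = _blockmix(B)
    for _ in range(N):
        j = int.from_bytes(B[-64:-56], "little") % N  # Integerify on last block
        B = _blockmix(_xor(B, V[j]))
    return B

def _pbkdf2(pw, salt, iters, dklen):  # internal primitive: no policy check here
    return hashlib.pbkdf2_hmac("sha256", pw, salt, iters, dklen)
def _scrypt(pw, salt, N, r, p, dklen):
    B = _pbkdf2(pw, salt, 1, p * 128 * r)  # 1 iteration by design
    B = b"".join(_romix(B[i:i + 128 * r], N) for i in range(0, len(B), 128 * r))
    return _pbkdf2(pw, B, 1, dklen)

def kdf_derive(algo, pw, salt, dklen, iters=0, N=0, r=0, p=0, fips=True):
    if algo == "pbkdf2":  # FIPS minimum enforced only for external PBKDF2 requests
        if fips and iters < 1000:
            raise ValueError("PBKDF2 iteration count below 1000 in FIPS mode")
        return _pbkdf2(pw, salt, iters, dklen)
    if algo == "scrypt":
        return _scrypt(pw, salt, N, r, p, dklen)
    raise ValueError("unknown KDF: " + algo)
```

If the iteration check were moved into `_pbkdf2` instead, every `kdf_derive("scrypt", ...)` call with `fips=True` would raise, which is the failure the task reports.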