User Details
- User Since
- Mar 27 2017, 4:47 PM (273 w, 6 d)
- Roles
- Administrator
- Availability
- Available
Fri, Jun 24
The change allows internal use of HMAC with a shorter key.
Considering again, I concluded the patch above should be applied.
The use of SALT in HKDF may not be secret and there are valid use cases with no salt or a shorter salt. It's different from the use case of HMAC, where KEY is secret.
Thu, Jun 23
Even if it is only a single case (an old version of Wine), I think that it is worth adding es_fflush when writing to a file.
What about rejected changes to "Key:"?
Wed, Jun 22
In rC76aad97dd312: fips: Reject shorter key for HMAC in FIPS mode., I added rejection, but it would be good to move the check to src/visibility.c to allow internal use.
Tue, Jun 21
Looking at illumos-gate, Solaris variants have no issues.
Wine 5.0.3 (on Debian bullseye) fails.
Wine 6.0.3 (on Debian testing) does not fail.
My intention in referring to rG7b1db7192 was to specify the HEAD of STABLE-BRANCH-2-2, meaning "the head of STABLE-BRANCH-2-2 today". The commit itself has no meaning.
I created a minimized test:
Mon, Jun 20
Last week:
I can replicate the error with 2.2.35, but I cannot replicate it with rG7b1db7192.
I tested:
- GNU/Linux
  - i686
  - x86_64
- Windows
  - i686
Thu, Jun 16
I pushed the change needed for GnuPG to t5964 branch.
Added HKDF implementation to master.
Applied to 1.10 branch.
didn't seem to work with 1.9.x
Wed, Jun 15
In the branch https://dev.gnupg.org/source/Scute/history/t6002/ , by the commit rS123d617ebefe: Less administration of devices by scute., things have been changed.
Tue, Jun 14
Thank you. Applied.
Mon, Jun 13
Last weeks:
- libgcrypt
- pinentry
- gpg-connect-agent
- Add --unbuffered support
- T5862
- also tested with pinpad cardreader
- mostly finished the feasibility study with xsecurelock
- For X, xsecurelock is the best (as of 2022)
- unfortunately, there is none like xsecurelock for Wayland
- gpg-agent: T6012: Add --format-ssh support for READKEY
- libgpg-error:
- experimental branch added: Remove WindowsCE support
- libassuan
- scdaemon
- changes for new scute T6002
This week
- scute: T6002
- Meeting for libgcrypt
- TwoStep KDF
I realized that we need to invent a way to represent KEYGRIP (40-byte string) in the scheme of PKCS#11; PKCS#11 uses fixed-size strings (space padded) for its label (32) and serialno (16). Basically, it identifies the device by slot number.
Fri, Jun 10
Thu, Jun 9
Because it's the library which refuses a null passphrase as input, the only possible options are either:
Backported to GnuPG 2.2.
Wed, Jun 8
Applied the changes.
Now, it also supports a reader with pinpad.
Tue, Jun 7
Created gniibe/t5912 branch.
It works for me.
I can only find this one: https://github.com/patrickfav/singlestep-kdf/wiki/NIST-SP-800-56C-Rev1:-Non-Official-Test-Vectors
Mon, Jun 6
Updated (with T6012):