Comment 19 for bug 1175367

Simo Sorce (simo-x) wrote : Re: Memcache encryption middleware improperly implemented

Some remarks:

- HKDF would allow you to use SHA256 and obtain up to 10 blocks of material good for keys. Plus it allows key derivation with arbitrary salt (if you use extraction which is not needed) and arbitrary additional info if you need to make the key derivation unique (equivalent to using a serialized token as you do here I guess).
But the reason I suggest it is that it is a true and tested Key Derivation Function while HMAC technically is not, and taking shortcuts tends to have undesirable consequences in the long run. Although I am not concerned in this case.

- AES 128 true, the original code mentioned AES256 and it stuck, however both the old and the new code use MODE_CFB not MODE_CBC

- Ignore the IV part, you can't look it up so it is not suitable as a memcache key indeed, pity that, could have saved some space too :) I am still somewhat uncomfortable using a key derived from a secret as a public handle, but it is probably ok.