Issue #5063 has been updated by Eric Hodel.

Status changed from Open to Rejected


----------------------------------------
Bug #5063: OpenSSL PKCS5 PBKDF2 implementation fails RFC6070 test.
http://redmine.ruby-lang.org/issues/5063

Author: Jeff Reinecke
Status: Rejected
Priority: Normal
Assignee: 
Category: 
Target version: 
ruby -v: ruby 1.9.2p180 (2011-02-18 revision 30909) [x86_64-darwin10.7.0]


RFC6070 contains reference tests for the PKCS5 v2 PBKDF2 implementation in RFC2898. OpenSSL::PKCS5.pbkdf2_hmac_sha1 conforms to this standard in all of the reference tests, except for the last one:

OpenSSL::PKCS5.pbkdf2_hmac_sha1('pass\0word', 'sa\0lt', 4096, 16) is expected to return the hex sequence 56fa6aa75548099dcc37d7f03425e0c3, but this method is instead returning the hex sequence 0cfe84acf5601dd0ce1be822812056a4.

Note that you can output the raw hex value of the string using String#unpack and grabbing the first element in the return array like so:
  OpenSSL::PKCS5.pbkdf2_hmac_sha1('pass\0word', 'sa\0lt', 4096, 16).unpack('H*')[0]
Or by using the secure_string gem's to_hex method like so:
  SecureString.new(OpenSSL::PKCS5.pbkdf2_hmac_sha1('pass\0word', 'sa\0lt', 4096, 16)).to_hex

Links to RFCs:
http://tools.ietf.org/html/rfc2898
http://tools.ietf.org/html/rfc6070


-- 
http://redmine.ruby-lang.org
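
An added example (not part of the original report or of Ruby's own code) that inspects the bytes handed to the KDF before running the last RFC 6070 vector. Ruby single-quoted literals keep `\0` as two characters, a backslash and a zero, while double-quoted literals produce the NUL octet that the RFC's 9-octet password and 5-octet salt contain. The helper names (`pbkdf2_hex`, `describe`, `compare_quoting`) are assumptions made for illustration.

```ruby
require 'openssl'

# RFC 6070 test vector 6: P = "pass\0word" (9 octets), S = "sa\0lt" (5 octets),
# c = 4096, dkLen = 16.
RFC6070_DK = '56fa6aa75548099dcc37d7f03425e0c3'

# Hypothetical helper: derive the key and return it as lowercase hex.
def pbkdf2_hex(password, salt, iterations = 4096, length = 16)
  OpenSSL::PKCS5.pbkdf2_hmac_sha1(password, salt, iterations, length).unpack('H*')[0]
end

# Hypothetical helper: show what bytes a literal really contains.
def describe(str)
  { bytes: str.bytesize, has_nul: str.include?("\0"), hex: str.unpack('H*')[0] }
end

# Single quotes: backslash and "0" stay as two literal characters.
SINGLE = { password: 'pass\0word', salt: 'sa\0lt' }
# Double quotes: \0 is an escape for one NUL octet.
DOUBLE = { password: "pass\0word", salt: "sa\0lt" }

# Run the same derivation over both spellings and compare with the RFC value.
def compare_quoting
  [SINGLE, DOUBLE].map do |input|
    dk = pbkdf2_hex(input[:password], input[:salt])
    {
      password: describe(input[:password]),
      salt: describe(input[:salt]),
      dk: dk,
      matches_rfc: dk == RFC6070_DK
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  compare_quoting.each { |result| puts result.inspect }
end
```

Checking `bytesize` against the octet counts printed in the RFC is a quick way to rule out an escaping problem before suspecting the KDF itself.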