Bug 891266
| Summary: | Allow empty passphrase for PBKDF2 (backport) | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Milan Broz <mbroz> | ||||
| Component: | libgcrypt | Assignee: | Tomas Mraz <tmraz> | ||||
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | rawhide | CC: | jorton, pvrabec, rdieter, tmraz | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | libgcrypt-1.5.0-9.fc19 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2013-01-30 14:45:33 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 671401 [details] Upstream patch Description of problem: cryptsetup uses gcrypt as backend for has and I would like to enable also PBKDF2 library implementation (preferring to local implementation). However, PBKDF2 in gcrypt doesn't allow empty passphrase (key generated only form salt). While this is insecure, it is needed to support backward compatible operation of cryptsetup. Attached is patch accepted for upstream (for gcrypt 1.6.0) which solves this problem. Once gcrypt is patched, I'll patch to cryptsetup so internal PBKDF2 implementation is no longer used. Version-Release number of selected component (if applicable): libgcrypt-1.5.0-8.fc19