891266 – Allow empty passphrase for PBKDF2 (backport)

Bug 891266 - Allow empty passphrase for PBKDF2 (backport)

Summary: Allow empty passphrase for PBKDF2 (backport)

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libgcrypt
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-01-02 11:46 UTC by Milan Broz
Modified:	2013-03-01 04:11 UTC (History)
CC List:	4 users (show)
Fixed In Version:	libgcrypt-1.5.0-9.fc19
Clone Of:
Environment:
Last Closed:	2013-01-30 14:45:33 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Upstream patch (1.51 KB, patch) 2013-01-02 11:46 UTC, Milan Broz	no flags	Details \| Diff
View All

Description Milan Broz 2013-01-02 11:46:12 UTC

Created attachment 671401 [details]
Upstream patch

Description of problem:

cryptsetup uses gcrypt as backend for has and I would like to enable also PBKDF2 library implementation (preferring to local implementation).

However, PBKDF2 in gcrypt doesn't allow empty passphrase (key generated only form salt). While this is insecure, it is needed to support backward compatible operation of cryptsetup.

Attached is patch accepted for upstream (for gcrypt 1.6.0) which solves this problem. Once gcrypt is patched, I'll patch to cryptsetup so internal PBKDF2 implementation is no longer used.

Version-Release number of selected component (if applicable):
libgcrypt-1.5.0-8.fc19

Note You need to log in before you can comment on or make changes to this bug.