Cryptography 1.5.3 release fixed one security issue. HKDF would return an empty byte-string if used with a length less than algorithm.digest_size.

References:
https://cryptography.io/en/latest/changelog/#id1

Upstream bug:
https://github.com/pyca/cryptography/issues/3211

Upstream patch:
https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
Created python-cryptography tracking bugs for this issue:

Affects: fedora-all [bug 1393432]
Data returned by the HKDF() are deemed to be cryptographically strong keys, which can be used by other cryptographic primitives like ciphers to encrypt secret data. When HKDF() returns empty strings, then depending on the primitive used, it could mean weak encryption or perhaps no encryption at all.
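An added example, not code from this bug report or from the cryptography project: a standard-library RFC 5869 HKDF-SHA256 next to a caller-side length check that rejects a key of the wrong size before it reaches a cipher. The names hkdf_sha256, faulty_hkdf and derive_checked are hypothetical, and faulty_hkdf is a constructed fault that only reproduces the symptom described above; it is not the upstream defect.

```python
import hashlib
import hmac
import math

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes


def hkdf_sha256(ikm, salt, info, length, blocks=None):
    """RFC 5869 HKDF (extract-then-expand) with HMAC-SHA256."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("length must be in 1..255*HashLen")
    prk = hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()
    # RFC 5869: N = ceil(L / HashLen); `blocks` exists only to inject a fault.
    n = math.ceil(length / HASH_LEN) if blocks is None else blocks
    okm, t = b"", b""
    for i in range(1, n + 1):
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        okm += t
    return okm[:length]


def faulty_hkdf(ikm, salt, info, length):
    """Constructed fault: floor instead of ceil, so short lengths get 0 blocks."""
    return hkdf_sha256(ikm, salt, info, length, blocks=length // HASH_LEN)


def derive_checked(kdf, ikm, salt, info, length):
    """Refuse to hand a key to a cipher unless it has the requested size."""
    key = kdf(ikm, salt, info, length)
    if len(key) != length:
        raise RuntimeError(f"KDF returned {len(key)} bytes, expected {length}")
    return key


# Inputs from RFC 5869 Appendix A.1 (test case 1).
IKM = bytes.fromhex("0b" * 22)
SALT = bytes.fromhex("000102030405060708090a0b0c")
INFO = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")

if __name__ == "__main__":
    # A 16-byte request is shorter than the 32-byte digest and must still work.
    print(derive_checked(hkdf_sha256, IKM, SALT, INFO, 16).hex())
    try:
        derive_checked(faulty_hkdf, IKM, SALT, INFO, 16)
    except RuntimeError as exc:
        print("rejected:", exc)
```

A regression test for this class of bug should cover lengths below, equal to and above the digest size, since only the first case triggers the empty output.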