PBKDF2: Allow empty passphrase.
authorMilan Broz <mbroz@redhat.com>
Mon, 29 Oct 2012 16:18:09 +0000 (17:18 +0100)
committerWerner Koch <wk@gnupg.org>
Tue, 30 Oct 2012 09:10:48 +0000 (10:10 +0100)
commit8528f1ba40e587dc17e02822e529fbd7ac69a189
tree75ab17500a13ce3b2edebcdf90eb4276190335dd
parent2c54c4da19d3a79e9f749740828026dd41f0521a
PBKDF2: Allow empty passphrase.

* cipher/kdf.c (gcry_kdf_derive): Allow empty passphrase for PBKDF2.
* tests/t-kdf.c (check_pbkdf2): Add test case for above.
--

While it is insecure, the PBKDF2 implementations usually
allows to derive key only from salt.

This particular case is used e.g. in cryptsetup when
you use empty file as keyfile for LUKS keyslot.

Test vector is compared with two independent implementations.

Signed-off-by: Milan Broz <mbroz@redhat.com>
cipher/kdf.c
tests/t-kdf.c