> Hello,
> > Did you only read the second paragraph and not the first?
> I have read both.
Then why did you ignore the first paragraph in your reply?
> AES key is AES key and not passphrase.
An "AES key" is a key used for AES. A "key" is a generic term and does
not
restrict or limit what processing might take place. It is reasonable, for
example, to refer to an algorithm that includes key preprocessing as "AES",
especially when previous writings make it absolutely clear that this is what
you are doing.
> If "munki" is not valid AES key (not because it is ASCII string
> but because it is too short) (first paragraph) then it can not
> be used as AES key (as stated that this is "kind of silly"
> in second paragraph).
There are any number of ways one can specify an AES key in a written
document. Many of them are ambiguous. For example, if I say "5e2a3f" does
this mean an ASCII string or a hexadecimal string? It could be either, and
in fact, it could be many other things as well.
Is "4a2f" a valid key for an algorithm that requires a 4-byte key? Yes
if
you interpret that as ASCII, no if you interpret it as hexadecimal.
The term "munki" is a valid AES key if it's the input to a hashing
algorithm that is then truncated to the appropriate length. Since you are
replying to a case where I suggested that that was what I was doing, there
is no issue.
> Or, I may guess, in second paragraph you mean: "munki" passphrase.
I explained what I meant completely clearly in my first paragraph, which
you completely chose to disregard, even cutting it from your reply. You are
being dense, the only question is whether it's deliberate.
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
