Hi there,

I'm noticing an interesting behaviour, and I'm wondering if it's expected
or not.  Specifically:

    crypto_scrypt(password, password_len, salt, salt_len, 1 << 14, 8, 1,
                  out, out_len);

Is returning the same output for the inputs "password" (no null terminator)
and "password\0" (including the null terminator).  With a 32-byte salt
that's all null bytes, I get the following output for both (32 bytes):

A8 28 D8 35 80 11 0C C6
C8 39 C6 1F E9 F0 09 60
42 34 E2 F0 1E 78 98 D2
CB F5 88 7C DB F5 2D 5D

This also seems to hold if I add two null bytes on the end, etc.  I'm
wondering if this is something that's expected, and if someone else could
confirm for me?  It's possible I'm screwing something up here, but I've
printed the input password / length in the crypto_scrypt function right
before the first call to PBKDF2_SHA256, and it appears that the inputs are
in fact different.

Thanks,
--Andrew D
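
The behaviour described in the message above can be reproduced outside the scrypt C code. This is an added example using Python's `hashlib.scrypt`, not code from the original post or the scrypt project. It relies on scrypt using the password only as the PBKDF2-HMAC-SHA256 key, which HMAC zero-pads to the 64-byte block size; the helper names and sample inputs are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 64        # SHA-256 block size in bytes
SALT = bytes(32)  # 32-byte all-zero salt, as in the post


def hmac_key_block(key: bytes) -> bytes:
    """Key block HMAC-SHA256 works on (RFC 2104): keys longer than one
    block are hashed first, then the key is zero-padded to 64 bytes."""
    if len(key) > BLOCK:
        key = hashlib.sha256(key).digest()
    return key.ljust(BLOCK, b"\x00")


def manual_hmac(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 written out: the key enters only through the key block."""
    k = hmac_key_block(key)
    inner = hashlib.sha256(bytes(b ^ 0x36 for b in k) + msg).digest()
    return hashlib.sha256(bytes(b ^ 0x5C for b in k) + inner).digest()


def scrypt32(password: bytes) -> bytes:
    """scrypt with the post's parameters: N = 1 << 14, r = 8, p = 1, 32 bytes."""
    return hashlib.scrypt(password, salt=SALT, n=1 << 14, r=8, p=1, dklen=32)


def collides(a: bytes, b: bytes) -> bool:
    """scrypt uses the password only as the PBKDF2-HMAC-SHA256 key, so two
    passwords with equal HMAC key blocks give equal scrypt output."""
    return hmac_key_block(a) == hmac_key_block(b)


if __name__ == "__main__":
    cases = [  # constructed inputs
        (b"password", b"password\x00"),
        (b"password", b"password\x00\x00"),
        (b"password", b"password1"),
        (b"a" * 65, b"a" * 65 + b"\x00"),  # over 64 bytes: key is hashed first
    ]
    for a, b in cases:
        same = scrypt32(a) == scrypt32(b)
        assert same == collides(a, b)
        print(len(a), len(b), "same scrypt output:", same)
```

A caller that sometimes passes `strlen(password)` and sometimes `strlen(password) + 1` therefore gets matching output only while the longer form still fits in 64 bytes; past that the key is hashed first and the trailing null changes the result.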
