Thanks for the quick reply :-) --Andrew D
On Tue, Apr 8, 2014 at 6:03 PM, Colin Percival <[email protected]> wrote: > Hi Andrew (& list), > > On 04/08/14 16:15, Andrew Dunham wrote: > > I'm noticing an interesting behaviour, and I'm wondering if it's > expected or > > not. Specifically: > > > > crypto_scrypt(password, password_len, salt, salt_len, 1 << 14, 8, 1, > out, > > out_len); > > > > Is returning the same output for the inputs "password" (no null > terminator) and > > "password\0" (including the null terminator). > > This is a consequence of scrypt using the HMAC construction to process the > password. It's unfortunate but not really a problem. > > -- > Colin Percival > Security Officer Emeritus, FreeBSD | The power to serve > Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid >
