[PATCH] pbkdf2: allow empty password

Werner Koch wk at gnupg.org
Mon Oct 29 16:40:13 CET 2012


On Fri, 26 Oct 2012 13:51, mbroz at redhat.com said:
> While it is insecure, the PBKDF2 implementations usually
> allow deriving a password only from salt.

Please revise your patch so that it allows an empty passphrase only for
PBKDF2.  I doubt that we should do this for OpenPGP or future KDFs.

You should also write ChangeLog entries.  See doc/HACKING.  An example
commit message would be:

=====
pbkdf2: allow empty password

* cipher/kdf.c (gcry_kdf_derive): Allow empty passphrase for PBKDF2.
* tests/t-kdf.c (check_pbkdf2): Add test case for above.
--

Everything after the above tear off line won't go in the tarball's
ChangeLog.  Use this for comments which don't make sense in a
ChangeLog.  It is optional of course.  For typo corrections you may use
the tear off line directly after the first empty line - in this case no
ChangeLog entry will be created.
=====

Thanks,

  Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
