MilovdZee commented on pull request #336: URL: https://github.com/apache/tomcat/pull/336#issuecomment-670590235
True. With SHA-1 it works. But the documentation does not enforce SHA-1. Even the code suggests that longer digests should be possible. But because of the implementation only algorithms with 20 bytes work. The salt could be variable in length though.

    final int saltPos = 20;
    byte[] serverDigestBytes = new byte[saltPos];

This forces the digest to be 20 bytes but that is only true for SHA-1. And it looks strange to use the saltPos to define the digest length.

    final int saltLength = serverDigestPlusSaltBytes.length - saltPos;

This also indicates that the digest is of fixed length and that the salt is of variable length. I'm not a crypto guru but I would assume the length of the salt to be algorithm independent and the digest to be variable in length, depending on the algorithm.
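An added illustration of the point raised in the comment, written for this page and not taken from the pull request or from Tomcat: it assumes the stored value is digest bytes followed by salt bytes (as the two quoted lines imply) and shows what happens to the salt when the digest length is hard-coded to 20 versus taken from the algorithm. Class and method names are invented for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class DigestPlusSaltSplit {
    // The layout the quoted code reads: digest bytes first, salt bytes after.
    static byte[][] split(byte[] digestPlusSalt, int digestLen) {
        if (digestPlusSalt.length < digestLen) {
            throw new IllegalArgumentException("stored value shorter than the digest");
        }
        return new byte[][] {
            Arrays.copyOfRange(digestPlusSalt, 0, digestLen),
            Arrays.copyOfRange(digestPlusSalt, digestLen, digestPlusSalt.length) };
    }

    // Digest length taken from the algorithm (20 for SHA-1, 32 for SHA-256,
    // 64 for SHA-512) instead of the hard-coded 20.
    static int digestLength(String algorithm) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(algorithm).getDigestLength();
    }
    // Produce digest(password || salt) followed by salt, the stored form above.
    static byte[] encode(String algorithm, byte[] password, byte[] salt)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        md.update(password);
        byte[] digest = md.digest(salt);
        byte[] out = Arrays.copyOf(digest, digest.length + salt.length);
        System.arraycopy(salt, 0, out, digest.length, salt.length);
        return out;
    }
    // Verify using the algorithm-derived split; constant-time digest compare.
    static boolean matches(String algorithm, byte[] password, byte[] stored)
            throws NoSuchAlgorithmException {
        byte[][] parts = split(stored, digestLength(algorithm));
        MessageDigest md = MessageDigest.getInstance(algorithm);
        md.update(password);
        return MessageDigest.isEqual(md.digest(parts[1]), parts[0]);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        byte[] salt = {1, 2, 3, 4, 5, 6, 7, 8};                 // constructed 8-byte salt
        byte[] pw = "sample".getBytes(StandardCharsets.UTF_8);   // constructed password
        byte[] stored = encode("SHA-256", pw, salt);
        // With saltPos = 20 the SHA-256 digest is cut short and the "salt" absorbs the remaining digest bytes.
        System.out.println("salt length, fixed 20:     " + split(stored, 20)[1].length);
        System.out.println("salt length, by algorithm: " + split(stored, digestLength("SHA-256"))[1].length);
        System.out.println("matches: " + matches("SHA-256", pw, stored));
    }
}
```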