Hi Andrew (& list),

On 04/08/14 16:15, Andrew Dunham wrote:
> I'm noticing an interesting behaviour, and I'm wondering if it's expected or
> not. Specifically:
>
>     crypto_scrypt(password, password_len, salt, salt_len, 1 << 14, 8, 1, out,
>                   out_len);
>
> Is returning the same output for the inputs "password" (no null terminator)
> and "password\0" (including the null terminator).

This is a consequence of scrypt using the HMAC construction to process the
password. It's unfortunate but not really a problem.

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
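
Added example, not part of the original message or of the scrypt source: Python's hashlib.scrypt reproducing the behaviour discussed above. scrypt passes the password only as the HMAC-SHA256 key, and HMAC zero-pads keys shorter than its 64-byte block, so a trailing NUL disappears; the example also shows where the equivalence stops. The salt value and the helper names are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 64  # HMAC-SHA256 block size in bytes


def hmac_key_block(key: bytes) -> bytes:
    """Key normalisation HMAC applies before use (RFC 2104):
    keys longer than one block are hashed, then the key is zero-padded."""
    if len(key) > BLOCK:
        key = hashlib.sha256(key).digest()
    return key.ljust(BLOCK, b"\x00")


def derive(password: bytes, salt: bytes) -> bytes:
    # Same cost parameters as the quoted call: N = 1 << 14, r = 8, p = 1.
    return hashlib.scrypt(password, salt=salt, n=1 << 14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)


def collides(a: bytes, b: bytes, salt: bytes) -> bool:
    """True when both passwords yield the same scrypt output for this salt."""
    return hmac.compare_digest(derive(a, salt), derive(b, salt))


SALT = b"constructed-salt"  # constructed sample value, not from the thread

if __name__ == "__main__":
    cases = [
        (b"password", b"password\x00"),     # trailing NUL: same padded HMAC key
        (b"password", b"password\x01"),     # any other trailing byte: different key
        (b"a" * 64, b"a" * 64 + b"\x00"),   # 65 bytes exceeds the block: key is hashed
    ]
    for a, b in cases:
        same_key = hmac_key_block(a) == hmac_key_block(b)
        print(f"{a!r:>20.20} vs {b!r:<22.22} "
              f"same HMAC key: {same_key!s:5}  same scrypt output: {collides(a, b, SALT)}")
```

A caller that needs the two inputs to be distinct can reject NUL bytes in the password before calling the KDF.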
