[Gambas-bugtracker] Bug #1733: gb.openssl Expose Key Derivation Functions

bugtracker at gambaswiki.org
Thu Feb 13 01:37:58 CET 2020


Comment #2 by REALITYRIPPLE:

PKCS5_PBKDF2_HMAC [1] exists in 1.1.0 with RIPEMD160 and all the SHAs as EVP_digests, EVP_PKEY_SCRYPT [2] is a context for PKEY in 1.1.1, and... I think bcrypt is sorta less-accessible, being part of the LibreSSL package with BSD-licensing instead. But those seem to be the three most popular (with PBKDF2 far and away still the most common because of its age), so they'd probably do for backward compatibility 1.x range OpenSSL. My personal requirement is for PBKDF2 as well, but whatever OpenSSL can and will support would probably be a good idea.

Unfortunately, I haven't worked in C in over a decade, and I would feel much safer if someone with a good bit of experience for memory security in the language took care of it, as any leakage could be disastrously compromising. I can try giving it a shot when I have some time, just to see if I can get it working, but I really would not want the result in production code.

[1] https://www.openssl.org/docs/man1.1.0/man3/PKCS5_PBKDF2_HMAC.html
[2] https://www.openssl.org/docs/man1.1.1/man7/scrypt.html
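
Added example, not part of the original message and not gb.openssl code: a reference PBKDF2 built from HMAC as RFC 8018 defines it, cross-checked against Python's hashlib.pbkdf2_hmac and the RFC 6070 SHA-1 test vectors, which could serve as a test oracle for a binding around PKCS5_PBKDF2_HMAC. The names pbkdf2 and check_vectors are illustrative.

```python
import hashlib
import hmac
import struct


def pbkdf2(hash_name: str, password: bytes, salt: bytes,
           iterations: int, dklen: int) -> bytes:
    """PBKDF2 per RFC 8018 section 5.2, using only HMAC (illustrative helper)."""
    if iterations < 1 or dklen < 1:
        raise ValueError("iterations and dklen must be positive")
    # Key the HMAC once; copy() reuses the keyed state for every PRF call.
    prf = hmac.new(password, digestmod=hash_name)
    hlen = prf.digest_size
    out = bytearray()
    blocks = -(-dklen // hlen)  # ceil(dklen / hlen)
    for block_index in range(1, blocks + 1):
        # U_1 = PRF(P, S || INT(i)), i encoded as a 4-byte big-endian counter
        mac = prf.copy()
        mac.update(salt + struct.pack(">I", block_index))
        u = mac.digest()
        t = int.from_bytes(u, "big")
        # U_j = PRF(P, U_{j-1}); T_i is the XOR of U_1 .. U_c
        for _ in range(iterations - 1):
            mac = prf.copy()
            mac.update(u)
            u = mac.digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return bytes(out[:dklen])  # the last block is truncated to dklen


# PBKDF2-HMAC-SHA1 test vectors from RFC 6070: (P, S, c, dkLen, DK hex)
RFC6070 = [
    (b"password", b"salt", 1, 20, "0c60c80f961f0e71f3a9b524af6012062fe037a6"),
    (b"password", b"salt", 2, 20, "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"),
    (b"password", b"salt", 4096, 20, "4b007901b765489abead49d926f721d065a429c1"),
    (b"passwordPASSWORDpassword", b"saltSALTsaltSALTsaltSALTsaltSALTsalt",
     4096, 25, "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"),
]


def check_vectors() -> bool:
    """True if the reference, hashlib and the RFC vectors all agree."""
    for pw, salt, c, n, expected in RFC6070:
        ours = pbkdf2("sha1", pw, salt, c, n)
        ref = hashlib.pbkdf2_hmac("sha1", pw, salt, c, n)
        if not hmac.compare_digest(ours, ref) or ours.hex() != expected:
            return False
    return True
```

The fourth vector asks for 25 bytes, so it exercises the second output block and the final truncation, the two places a hand-written wrapper most often gets buffer lengths wrong.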
