ECDH and deriveKey

Hi!

From my reading of the spec, deriveKey directly uses the output of deriveBits.

> Let secret be the result of executing the derive bits operation specified by normalizedAlgorithm using key, algorithm and length.
> Let result be the result of executing the import key operation specified by normalizedDerivedKeyAlgorithm using "raw" as format, secret as keyData, derivedKeyType as algorithm and using extractable and usages.

And deriveBits for ECDH seems to directly return the computed secret:

> Perform the ECDH primitive specified in X9.63 Section 5.4.1 with key as the EC private key d and the EC public key represented by the [[handle]] internal slot of publicKey as the EC public key Q.
> Let secret be the result of applying the field element to octet string conversion defined in Section ? of X9.63 to the output of the ECDH primitive.

This is bad. This means that the computed secret is used directly. This is
not advised. There should be at least some hashing function on the
computed secret to remove weak bits.


Mitar

-- 
http://mitar.tnode.com/
https://twitter.com/mitar_m

Received on Thursday, 28 January 2016 19:36:05 UTC
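
The behaviour described in the message above, as an added example that is not part of the original message or the spec: it checks that `deriveKey` with ECDH yields an AES key whose bytes are the raw shared secret, then derives a key through HKDF-SHA-256 instead. HKDF is used here as one way to hash the secret; the all-zero salt, the `info` label and the function name `ecdhDemo` are assumptions made for the example.

```javascript
// Added example: deriveKey(ECDH) imports the raw shared secret as the key;
// the alternative passes the secret through HKDF-SHA-256 first.
async function ecdhDemo() {
  // Dynamic import works in both CommonJS and ES modules under Node.js.
  const subtle = (globalThis.crypto ?? (await import('node:crypto')).webcrypto).subtle;
  const hex = (buf) =>
    Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join('');
  const ec = { name: 'ECDH', namedCurve: 'P-256' };
  const aes = { name: 'AES-GCM', length: 256 };

  // Constructed key pairs for two parties.
  const alice = await subtle.generateKey(ec, false, ['deriveBits', 'deriveKey']);
  const bob = await subtle.generateKey(ec, false, ['deriveBits', 'deriveKey']);
  const toBob = { name: 'ECDH', public: bob.publicKey };
  const toAlice = { name: 'ECDH', public: alice.publicKey };

  // Raw ECDH output: the 32-byte x-coordinate of the shared point.
  const secret = await subtle.deriveBits(toBob, alice.privateKey, 256);

  // deriveKey straight from ECDH: per the quoted spec steps this is
  // importKey("raw", secret, ...), so the AES key equals the raw secret.
  const directKey = await subtle.deriveKey(toBob, alice.privateKey, aes, true, ['encrypt']);
  const direct = hex(await subtle.exportKey('raw', directKey));

  // Alternative: treat the secret as HKDF input keying material.
  const hkdf = {
    name: 'HKDF', hash: 'SHA-256',
    salt: new Uint8Array(32),                               // assumption: all-zero salt
    info: new TextEncoder().encode('example aes-gcm key'),  // assumption: context label
  };
  const viaKdf = async (ikmBytes) => {
    const ikm = await subtle.importKey('raw', ikmBytes, 'HKDF', false, ['deriveKey']);
    const key = await subtle.deriveKey(hkdf, ikm, aes, true, ['encrypt']);
    return hex(await subtle.exportKey('raw', key));
  };
  const viaHkdf = await viaKdf(secret);

  // The other party must arrive at the same HKDF-derived key.
  const bobSecret = await subtle.deriveBits(toAlice, bob.privateKey, 256);
  const bobViaHkdf = await viaKdf(bobSecret);

  return { secret: hex(secret), direct, viaHkdf, bobViaHkdf };
}
```

In the returned object, `direct` is identical to `secret`, while `viaHkdf` differs from it and matches `bobViaHkdf`.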