RE: In XML encryption 1.1, the PBKDF2-params/KeyLength is superfluous

Even for ConcatKDF, "keydatalen" is a required input to the algorithm.
But we don't have that as a parameter for ConcatKDF. It needs to be inferred.

Pratik

-----Original Message-----
From: Magnus Nystrom [mailto:mnystrom@microsoft.com] 
Sent: Monday, October 17, 2011 8:57 AM
To: XMLSec WG Public List (public-xmlsec@w3.org)
Subject: RE: In XML encryption 1.1, the PBKDF2-params/KeyLength is superfluous

Pratik wrote:

> Can we remove the  KeyLength parameter in  PBKDF2 ?
> In the other two key derivation functions - ConcatKDF and LegacyKeyDerivation, the length of the key to be derived is not specified ,
> rather it needs to be inferred from the context.  We should have PBKDF2  also behave similarly.  

I don't see how one could do this as the KeyLength is an integral part of the PBKDF2 algorithm. For example, it is used to determine how many blocks of hash output that is required. I'd recommend not trying to change this at this point.

-- Magnus

Received on Monday, 17 October 2011 16:25:35 UTC