- From: Magnus Nystrom <mnystrom@microsoft.com>
- Date: Mon, 17 Oct 2011 17:03:24 +0000
- To: Pratik Datta <pratik.datta@oracle.com>, "XMLSec WG Public List (public-xmlsec@w3.org)" <public-xmlsec@w3.org>

True. Perhaps we should instead add the KeyDatalen to ConcatKDF (at least as an optional?)? I am a little wary of doing any changes to the schema at this late point though given that what we have apparently works - but I can see the inconsistency. I'd rather not change the PBKDF2 schema though since we currently have alignment with the schema for PKCS #5 - the same elements & attributes.

-- Magnus

> -----Original Message-----
> From: Pratik Datta [mailto:pratik.datta@oracle.com]
> Sent: Monday, October 17, 2011 9:25 AM
> To: Magnus Nystrom; XMLSec WG Public List (public-xmlsec@w3.org)
> Subject: RE: In XML encryption 1.1, the PBKDF2-params/KeyLength is superfluous
>
> Even for ConcatKDF, "keydatalen" is a required input to the algorithm.
> But we don't have that as a parameter for ConcatKDF. It needs to be inferred.
>
> Pratik
>
> -----Original Message-----
> From: Magnus Nystrom [mailto:mnystrom@microsoft.com]
> Sent: Monday, October 17, 2011 8:57 AM
> To: XMLSec WG Public List (public-xmlsec@w3.org)
> Subject: RE: In XML encryption 1.1, the PBKDF2-params/KeyLength is superfluous
>
> Pratik wrote:
>
> > Can we remove the KeyLength parameter in PBKDF2?
> > In the other two key derivation functions - ConcatKDF and LegacyKeyDerivation, the length of the key to be derived is not specified, rather it needs to be inferred from the context. We should have PBKDF2 also behave similarly.
>
> I don't see how one could do this as the KeyLength is an integral part of the PBKDF2 algorithm. For example, it is used to determine how many blocks of hash output are required. I'd recommend not trying to change this at this point.
>
> -- Magnus

Received on Monday, 17 October 2011 17:04:04 UTC
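
Added example, not part of the original thread or of the XML Encryption specification: a Python sketch of how the requested length drives both functions discussed above, with PBKDF2 written block by block per RFC 8018 and the concatenation KDF per NIST SP 800-56A. The function names, the SHA-256 default, the opaque `other_info` byte string and all sample inputs are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import struct


def pbkdf2_blocks(password, salt, iterations, dk_len, hash_name="sha256"):
    """PBKDF2 per RFC 8018 section 5.2; returns (derived_key, block_count)."""
    h_len = hashlib.new(hash_name).digest_size
    n_blocks = math.ceil(dk_len / h_len)  # KeyLength decides how many blocks
    out = b""
    for i in range(1, n_blocks + 1):
        # U_1 = PRF(P, S || INT(i)); T_i = U_1 xor U_2 xor ... xor U_c
        u = hmac.new(password, salt + struct.pack(">I", i), hash_name).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hash_name).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(h_len, "big")
    return out[:dk_len], n_blocks  # the last block is truncated to fit dk_len


def concat_kdf(z, other_info, keydatalen_bits, hash_name="sha256"):
    """Concatenation KDF per NIST SP 800-56A; returns (key, repetitions)."""
    if keydatalen_bits % 8:
        raise ValueError("this sketch handles whole-byte lengths only")
    hash_bits = hashlib.new(hash_name).digest_size * 8
    reps = math.ceil(keydatalen_bits / hash_bits)  # keydatalen decides reps
    out = b""
    for counter in range(1, reps + 1):
        block = struct.pack(">I", counter) + z + other_info
        out += hashlib.new(hash_name, block).digest()
    return out[: keydatalen_bits // 8], reps


# Constructed sample inputs, not taken from the thread or any test vector.
PASSWORD, SALT, ITERATIONS = b"correct horse", b"constructed-salt", 1000
Z, OTHER_INFO = b"\x01" * 32, b"constructed-other-info"

if __name__ == "__main__":
    for length in (16, 32, 48):
        key, blocks = pbkdf2_blocks(PASSWORD, SALT, ITERATIONS, length)
        print(f"PBKDF2 dkLen={length:2d} blocks={blocks} key={key.hex()}")
    for bits in (128, 256, 512):
        key, reps = concat_kdf(Z, OTHER_INFO, bits)
        print(f"ConcatKDF keydatalen={bits:3d} reps={reps} key={key.hex()}")
```

In both functions the length only selects how many blocks are produced and where the output is cut, so a shorter key derived from the same inputs is a prefix of a longer one; two parties that infer different lengths from context end up with related keys, not independent ones.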