> From: owner-openssl-us...@openssl.org On Behalf Of pkumarn
> Sent: Wednesday, 21 March, 2012 01:46

> Coming to the usage, I really don't want to use HEX for the
> PKCS5_PBKDF2_HMAC_SHA1(). I just want to input the values I got from
> RAND_bytes().
>
> Here is what I am going to do, correct me if I am wrong
> 1. unsigned char rand[32]
> 2. RAND_bytes(rand, 32)
>
> I will directly use rand() in PKCS5_PBKDF2_HMAC_SHA1() and
> assume I have got the correct result.
>
That's good, if you indeed want 32 random bytes.

> One of my engineers is asking me how do I know if
> PKCS5_PBKDF2_HMAC_SHA1() has produced the right result....
> he wants some other alternative tool to verify my result...
> this is where I am stuck and found out the website but I
> feel it is not going to be useful... any thoughts on this?
>
Ah, you don't want to interoperate for real, just to check.

The website almost certainly not. As I said, I see no way to
enter nonprintable characters through a browser form, and
as I suggested but didn't exactly say, I expect doing other than
*ASCII* printable characters won't be reliable. The chance of
a 32-byte random value being all (codepoints for) printable
ASCII chars is about 1 in 43 trillion.

The underlying Javascript, maybe. I don't know js very well,
but newer languages generally can handle all possible characters
(i.e. all codepoints) *if* you can get them in there correctly;
user I/O is usually the hard part and disk I/O sometimes is
(and js doesn't appear to have disk I/O anyway). Looking at
pbkdf2.js it appears String.fromCharCode can do this for
byte values if you convert them to (and enter them as) hex
or numeric. Although looking at how it's used, I think this js
has a bug if someone uses it to derive more than 16*160 = 2560
bits -- which you don't.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
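An added example, not part of the original message and not OpenSSL's code: one way to check a PKCS5_PBKDF2_HMAC_SHA1() result with a second tool is to hex-dump the password, salt and derived key from the C program and compare them in Python, which handles arbitrary byte values without any printable-character restriction. The function names and the hex-dump step are assumptions made for this sketch; the self-check value is the RFC 6070 test vector for "password"/"salt" with one iteration.

```python
import hashlib
import hmac
import struct


def pbkdf2_hmac_sha1(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 (RFC 2898 section 5.2) with HMAC-SHA1, written out block by block."""
    if iterations < 1 or dklen < 1:
        raise ValueError("iterations and dklen must be positive")
    hlen = hashlib.sha1().digest_size      # 20 bytes = 160 bits per output block
    blocks = -(-dklen // hlen)             # ceil(dklen / hlen)
    out = b""
    for i in range(1, blocks + 1):
        # U_1 = HMAC(P, S || INT(i)); INT(i) is the 4-byte big-endian block index
        u = hmac.new(password, salt + struct.pack(">I", i), hashlib.sha1).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            # U_j = HMAC(P, U_{j-1}); the block is the XOR of all U_j
            u = hmac.new(password, u, hashlib.sha1).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return out[:dklen]


def check_against_hex(password_hex: str, salt_hex: str, iterations: int,
                      expected_hex: str) -> bool:
    """Compare a hex dump of the C program's output with two Python computations."""
    password = bytes.fromhex(password_hex)   # raw bytes, any value 0x00-0xff
    salt = bytes.fromhex(salt_hex)
    expected = bytes.fromhex(expected_hex)
    ours = pbkdf2_hmac_sha1(password, salt, iterations, len(expected))
    stdlib = hashlib.pbkdf2_hmac("sha1", password, salt, iterations, len(expected))
    return hmac.compare_digest(ours, expected) and hmac.compare_digest(stdlib, expected)


if __name__ == "__main__":
    # RFC 6070 vector: P = "password", S = "salt", c = 1, dkLen = 20
    print(check_against_hex(b"password".hex(), b"salt".hex(), 1,
                            "0c60c80f961f0e71f3a9b524af6012062fe037a6"))
```

Hex is used here only to carry the bytes between the two programs; the C call itself still receives the raw RAND_bytes() buffer.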