Regression on SHA-384 and SHA-512

Bug #1209399 reported by Legrandin on 2013-08-07
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Python-Crypto
Undecided
Unassigned

Bug Description

The following code behaves differently now than in PyCrypto 2.6.

===
from Crypto.Hash import SHA384, HMAC

payload = "test"
key = '\x00'*48
print HMAC.new(key, payload, SHA384).hexdigest()
print HMAC.new(key, payload, SHA384.new()).hexdigest()
===

With PyCrypto 2.6 it displays:
a154ade5eb70996838bffda2b49a00df11b43b70264dc8eff989444bf6afd61064d39926b22bb8fc988089128932dcea
a154ade5eb70996838bffda2b49a00df11b43b70264dc8eff989444bf6afd61064d39926b22bb8fc988089128932dcea

But now (master on github) it displays:
a154ade5eb70996838bffda2b49a00df11b43b70264dc8eff989444bf6afd61064d39926b22bb8fc988089128932dcea
4704b48c24b27a946500c3407119e2d16241ac2b6c7f0486f6bda46b5c0e95f4af80a84d9171bf311153ed6d8b6a5c5a

Legrandin (gooksankoo) on 2013-08-07
summary: - Regression on SHA-2 hashes
+ Regression on SHA-384 and SHA-512
Legrandin (gooksankoo) wrote :

I believe I narrowed down the regression to this specific changeset:

https://github.com/dlitz/pycrypto/commit/fd398a28e3a227a539b264a9f1e11287b904c7da

the previous version worked fine.
Still, I cannot see anything harmful in that change.

Legrandin (gooksankoo) wrote :

Patch available on this pull request:

https://github.com/dlitz/pycrypto/pull/57

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers