Comment 24 for bug 1175367

Simo Sorce (simo-x) wrote : Re: Memcache encryption middleware improperly implemented

Paul,
just a point on HKDF: I was recommending to use just expand, and not the extract phase of HKDF, so no salt would be required (and technically you can avoid the salt on the extract phase too; the RFC recommends it but says it is not critical).
I am not sure you really need 384 bits for the secret, but it won't hurt.

I did not know the cache key was used as an authentication token elsewhere though, can you elaborate on that? It's worrying.
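
The expand-only use of HKDF discussed in this comment, as an added example that is not part of the original comment and is not the middleware's own code. It follows RFC 5869 with HMAC-SHA384; the `derive_keys` helper, its info labels and the sample secret are hypothetical.

```python
import hashlib
import hmac


def hkdf_extract(ikm, salt=b"", hash_name="sha384"):
    """HKDF-Extract (RFC 5869 2.2). An absent salt becomes HashLen zero bytes."""
    hash_len = hashlib.new(hash_name).digest_size
    return hmac.new(salt or bytes(hash_len), ikm, hash_name).digest()


def hkdf_expand(prk, info, length, hash_name="sha384"):
    """HKDF-Expand (RFC 5869 2.3): T(i) = HMAC(PRK, T(i-1) | info | i)."""
    hash_len = hashlib.new(hash_name).digest_size
    if len(prk) < hash_len:
        raise ValueError("PRK must be at least HashLen bytes of uniform key material")
    if not 0 < length <= 255 * hash_len:
        raise ValueError("length must be between 1 and 255 * HashLen")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_keys(secret):
    """Expand-only derivation: one uniform secret, one independent key per purpose.

    The info labels are hypothetical; what matters is that they differ per use.
    """
    return {
        "encrypt": hkdf_expand(secret, b"example-memcache|encrypt", 32),
        "mac": hkdf_expand(secret, b"example-memcache|mac", 48),
    }


# Constructed sample secret: 48 bytes (384 bits). A real one must come from a CSPRNG,
# because skipping Extract is only sound when the input is already uniformly random.
SAMPLE_SECRET = bytes(range(48))

if __name__ == "__main__":
    for purpose, key in derive_keys(SAMPLE_SECRET).items():
        print(purpose, key.hex())
```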