Author Topic: Bug in HMAC-SHA-256  (Read 5357 times)


  • Guest
Bug in HMAC-SHA-256
« on: November 26, 2005, 09:48:00 AM »
I've discovered a small copy/paste bug in the rstr_hmac_sha256 function in sha256.js from the downloadable version.

At the end of the function, where the opad is mixed with the ipad hash, the code reads:
Code: [Select]
return PasswordMaker_HashUtils.binb2rstr(this.binb_sha256(opad.concat(hash), 512 + 160));
However, since SHA-256 is 256 bits, the line should read:
Code: [Select]
return PasswordMaker_HashUtils.binb2rstr(this.binb_sha256(opad.concat(hash), 512 + 256));
I've confirmed this by comparing Paul Johnston's HMAC-MD5 and HMAC-SHA-1 versions.

-- Asgeir

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3352
Bug in HMAC-SHA-256
« Reply #1 on: November 26, 2005, 01:46:43 PM »
Hi asgeirn,

Thanks for reporting this. Pedro Gimeno also reported this in IRC chat about a week ago. However, it exists in all PasswordMaker editions -- not just the downloadable version. So although it's a bug, the consistency of the bug means password generation is also consistent across all editions.

Very shortly, PasswordMaker versions will be released which fix the bug and give users the option of selecting the old SHA-256 (buggy) algorithm or the new one. This was also done with MD-5, so you'll see "MD-5" and "MD-5 Version 0.6" in the algorithm list. Eventually, the buggy algorithms will be removed altogether.

Thanks again,

PasswordMaker Forums

Bug in HMAC-SHA-256
« Reply #1 on: November 26, 2005, 01:46:43 PM »