Closed Bug 1271351 Opened 4 years ago Closed 4 years ago

PBKDF2 different results from Chrome/Edge

Categories

(Core :: Security, defect, major)

46 Branch

RESOLVED DUPLICATE of bug 1271350

People

(Reporter: mihaly.lengyel, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36

Steps to reproduce:

Running the code below doesn't give the same results as Chrome/Edge (with or without the .buffer):
// Import the raw key bytes as a PBKDF2 base key.
window.crypto.subtle.importKey('raw',
    new Uint8Array([156, 19, 162, 59, 197, 138, 82, 190, 139, 180, 250, 26, 44, 189, 255, 1, 116, 114, 101, 115, 111, 114, 105, 116, 95, 100, 98, 95, 114, 101, 99, 111, 114, 100, 95, 105, 100]).buffer,
    { name: 'PBKDF2', hash: { name: 'SHA-256' } }, false, ['deriveBits'])
  // Derive 256 bits with a zero-length salt and a single iteration.
  .then(key =>
    window.crypto.subtle.deriveBits({ name: 'PBKDF2', hash: { name: 'SHA-256' }, salt: new Uint8Array(0).buffer, iterations: 1 }, key, 256))
  .then(res => console.log(new Uint8Array(res)), rej => console.log(rej));


Actual results:

I didn't get the same results as in Chrome.


Expected results:

The same results I get in other browsers.
Severity: normal → major
Component: Untriaged → Security
Product: Firefox → Core
This is the same as bug 1271350 - NSS is doing the wrong thing given a zero-length salt.
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1271350
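
When browsers disagree on a derivation like the one in this report, the expected value can be computed outside any browser. The following is an added example, not code from the bug report, Firefox or NSS: it implements PBKDF2 from its RFC 8018 definition on top of HMAC, including the zero-length-salt case, and cross-checks it against Node.js's OpenSSL-backed `crypto.pbkdf2Sync`. It assumes a Node.js runtime; the names `pbkdf2Reference`, `reportCase` and `REPORT_KEY` are hypothetical.

```javascript
// Added example: PBKDF2 written from the RFC 8018 definition on top of HMAC,
// cross-checked against Node's crypto.pbkdf2Sync. Runs in Node.js, not a browser.
const { createHmac, pbkdf2Sync } = require('node:crypto');

// Key bytes copied from the report above.
const REPORT_KEY = Buffer.from([156, 19, 162, 59, 197, 138, 82, 190, 139, 180, 250, 26, 44, 189, 255, 1,
  116, 114, 101, 115, 111, 114, 105, 116, 95, 100, 98, 95, 114, 101, 99, 111, 114, 100, 95, 105, 100]);

// T_i = U_1 ^ U_2 ^ ... ^ U_c, with U_1 = HMAC(P, S || INT_32_BE(i)) and
// U_j = HMAC(P, U_{j-1}). The salt may be empty: U_1 is then HMAC(P, INT(i)).
function pbkdf2Reference(password, salt, iterations, dkLen, hash) {
  const hLen = createHmac(hash, password).digest().length;
  const blocks = [];
  for (let i = 1; i <= Math.ceil(dkLen / hLen); i++) {
    const index = Buffer.alloc(4);
    index.writeUInt32BE(i);
    let u = createHmac(hash, password).update(salt).update(index).digest();
    const t = Buffer.from(u); // running XOR of U_1..U_c
    for (let j = 1; j < iterations; j++) {
      u = createHmac(hash, password).update(u).digest();
      for (let k = 0; k < hLen; k++) t[k] ^= u[k];
    }
    blocks.push(t);
  }
  return Buffer.concat(blocks).subarray(0, dkLen);
}

// Same parameters as the deriveBits call in the report: SHA-256, empty salt,
// 1 iteration, 256 bits. Returns both results as hex for comparison.
function reportCase() {
  const emptySalt = Buffer.alloc(0);
  return {
    reference: pbkdf2Reference(REPORT_KEY, emptySalt, 1, 32, 'sha256').toString('hex'),
    openssl: pbkdf2Sync(REPORT_KEY, emptySalt, 1, 32, 'sha256').toString('hex'),
  };
}

console.log(reportCase());
```

With one iteration and an empty salt the first block reduces to HMAC-SHA-256 of the four bytes `00 00 00 01` under the key, so the printed hex can be compared byte for byte with the `Uint8Array` each browser logs.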