Comments (4)
sideshowbarker
commented on May 17, 2024
3
Iβve opened #5529 with a fix that documents the requirements for the length parameter.
@juanelas, @Gu7z βΒ since per #1671 (comment) throwing for input > 256 bytes is not conformant with the spec requirements, if Firefox is throwing in that case, then the appropriate place to raise an issue for getting that (browser-specific) problem documented is in the https://github.com/mdn/browser-compat-data/issues issue tracker.
from content.
twiss
commented on May 17, 2024
1
Hey π
If that is in fact a requirement that implementations are required to enforce, should it be specified β or at last mentioned β in the WebCrypto spec itself? Or is it instead in fact the case that that requirement is normatively defined in RFC 2898, and so the WebCrypto spec should not try to also normatively (re)define it?
Yeah, this is required here: https://w3c.github.io/webcrypto/#pbkdf2-operations
Can you confirm that β
Lengthargument does not accept an input > 256 bytesβ requirement is in fact not an actual requirement in any of the relevant specifications?
This is indeed not a requirement, and Chrome and Safari allow this.
However, I can't actually find this requirement mentioned on MDN - I think this issue was meant to be a bug report in Firefox? So I assume this is a duplicate of https://bugzilla.mozilla.org/show_bug.cgi?id=1469482.
from content.
Gu7z
commented on May 17, 2024
Any updates? π @chrisdavidmills
from content.
sideshowbarker
commented on May 17, 2024
@twiss, The example code in the issue description seems to confirm that the assertions in the issue description are true β but can you please confirm? I mean specifically the following:
SubtleCrypto.deriveBits() with PBKDF2:
Lengthargument must be a multiple of 8. This is congruent with the RFC but should be documented
If that is in fact a requirement that implementations are required to enforce, should it be specified β or at last mentioned β in the WebCrypto spec itself? Or is it instead in fact the case that that requirement is normatively defined in RFC 2898, and so the WebCrypto spec should not try to also normatively (re)define it?
Lengthargument does not accept an input > 256 bytes. This constraint is not defined in the original PBKDF2 and should be considered to be removed.
Can you confirm that βLength argument does not accept an input > 256 bytesβ requirement is in fact not an actual requirement in any of the relevant specifications?
from content.
Related Issues (20)
- Ensuring ordering on conditional use of promises: Example is fundamentally flawed
- [CSS] `calc()` can parse color components
- Create "Cumulative Layout Shift" glossary page HOT 2
- content Error HOT 2
- [Web API] HTML character entities are supported in WebVTT
- [CSS] Support alt text in the `content` property
- inset() shape function missing information
- [Security] Upgrade passive mixed content to HTTPS
- Limitations of `path()` basic shape
- Dead Link
- Internet Explorer is outdated, need to change the content
- MDN inert Attribute Docs: Missing Info on Text Selection Prevention
- Crashes on iOS Safari HOT 1
- Add a glossary entry for "federated identity provider"
- Unclear whether omitting `<tbody>` tags (putting `<tr>` directly under `<table>`) is valid
- Define a `packageManager` field in `package.json`
- CSS pointer-events description is inaccurate
- Examples don't work HOT 2
- Broken link to brower compatability section in API landing pages HOT 1
- minimalDays could use more explanation HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from content.