27403 – Should PBKDF2 be allowed on non-multiple of 8 lengths for consistency?

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 27403 - Should PBKDF2 be allowed on non-multiple of 8 lengths for consistency?

Summary: Should PBKDF2 be allowed on non-multiple of 8 lengths for consistency?

Status:	RESOLVED MOVED

Alias:	None

Product:	Web Cryptography
Classification:	Unclassified
Component:	Web Cryptography API Document (show other bugs)
Version:	unspecified
Hardware:	PC Linux

Importance:	P2 normal
Target Milestone:	---
Assignee:	Ryan Sleevi
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-11-21 21:56 UTC by Eric Roman
Modified:	2016-05-23 22:55 UTC (History)
CC List:	3 users (show)

See Also:

Attachments

Description Eric Roman 2014-11-21 21:56:54 UTC

PBKDF2 throws an OperationError if length is not a multiple of 8 bits.

This seems inconsistent with deriveBits() for other algorithms, which simply truncate to the specified bit length (for instance ECDH and DH).

Comment 1 jimsch 2016-03-04 20:17:31 UTC

Looking at RFC 2898 which has a definition of PBKDF2.  The inputs include

dkLen - intended length in octets of the derived key, a positive integer.

This means that the algorithm itself requires that the output length be an integral number of bytes and is not specified for odd bit sizes.

This bug should be resolved as by design.

Comment 2 Mark Watson 2016-05-23 22:55:17 UTC

Moved to https://github.com/w3c/webcrypto/issues/32