pbkdf2 on hackage Re: Re[2]: [Haskell-cafe] Password hashing

[Dominic Steinitz]

Thomas Hartman wrote:
> http://hackage.haskell.org/cgi-bin/hackage-scripts/package/PBKDF2
> 
> Since no one took up my code review request I just did the best I

> Also I'm open to folding this into a more established crypto package
> if there are any takers... psst, dominic.

I've now had chance to review this and it looks a reasonable function to
include in the package. I'd love a patch. First a few comments:

1. Experience has taught me that you need a few tests against known test
vectors. If you look in the crypto package you will see there are
several such test programs. You could either create your own or add to
e.g. SymmetricTest (probably easiest).

>>> pbkdf2' :: ([Word8] -> [Word8] -> [Word8]) -> Integer -> Integer ->
>>> Integer -> Password -> Salt -> HashedPass

2. Any reason for the arguments being in a different order to that in
the spec?

>>> -- The spec says
>>> -- Here, INT (i) is a four-octet encoding of the integer i, most
>>> significant octet first.
>>> -- I'm reading from the right... is this the right thing?

3. I don't know but some known test vectors will almost certainly flush
this out.

>>> toWord8s x = L.unpack . encode $ x
>>>

4. Is there a guarantee that encode (I assume from Binary) does what is
required? I think you are guaranteed that encode . decode == id but I
don't know if any guarantee is made about the actual encoding (I haven't
checked by the way).

>>> --intToFourWord8s :: Integer -> [Word8]
>>> intToFourWord8s i = let w8s =  toWord8s $ i
>>>                    in drop (length w8s -4) w8s

5. This looks slightly suspicious. It won't work in general. I assume
you are sure that it is only ever used for the correctly sized Integers?

Thanks for your contribution, Dominic.