From 8e6b461094305f47a1f0145eed636ca95cb5c8e5 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Wed, 25 May 2016 23:26:36 -0400 Subject: PBKDF2 works better if we generate the right number of output bytes. --- last_gasp_pin_internal.h | 4 ++-- utils/last_gasp_default_pin | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/last_gasp_pin_internal.h b/last_gasp_pin_internal.h index 13c3078..62dc1e5 100644 --- a/last_gasp_pin_internal.h +++ b/last_gasp_pin_internal.h @@ -4,6 +4,6 @@ static const hal_ks_pin_t hal_last_gasp_pin = { 100000, - {0xc1, 0xdb, 0xbf, 0x89, 0x5b, 0xd4, 0xa5, 0x64, 0xfb, 0xbc, 0x33, 0xcb, 0xf8, 0x5a, 0xb0, 0xfa, 0xa8, 0x13, 0xd8, 0x9e, 0x28, 0xdf, 0x28, 0x15, 0x21, 0x0d, 0x7e, 0x9d, 0x53, 0xd9, 0xfc, 0x32}, - {0xb3, 0xbf, 0x4d, 0xcd, 0xa2, 0x1a, 0x96, 0x63, 0x2b, 0xc4, 0x0c, 0xdb, 0xa1, 0x5d, 0x34, 0xfa} + {0xb0, 0x1a, 0xfb, 0xa8, 0xe9, 0x03, 0x99, 0xd5, 0xf6, 0xff, 0x33, 0x06, 0x7b, 0x64, 0xf2, 0x01, 0x0a, 0x13, 0x21, 0x9a, 0xf9, 0xe3, 0xfd, 0x26, 0x49, 0xe7, 0xbb, 0xca, 0xc0, 0xf0, 0x2e, 0x7d}, + {0xc1, 0x87, 0x1d, 0xf2, 0x4c, 0xf4, 0xd9, 0xe7, 0x68, 0xfa, 0x62, 0xec, 0xac, 0x2d, 0xb7, 0x10} }; diff --git a/utils/last_gasp_default_pin b/utils/last_gasp_default_pin index e0d9839..c2ca965 100755 --- a/utils/last_gasp_default_pin +++ b/utils/last_gasp_default_pin @@ -56,6 +56,10 @@ parser.add_argument("-i", "--iterations", type = int, default = 100000, help = "PBKDF2 iteration count") +parser.add_argument("-d", "--derived-key-length", + type = int, + default = 64, + help = "length of BPKDF2 output (must match libhal)") args = parser.parse_args() def HMAC_SHA256(pin, salt): -- cgit v1.2.3