Pbkdf2PasswordHashImpl generate() creates sometimes invalid result

Rudy De Busscher

During the tests I was writing for Pbkdf2PasswordHashImpl, I saw that Pbkdf2PasswordHashImpl#generate() generates a result with line breaks in it.

PBKDF2WithHmacSHA512:1024:QRyYndGzgjmZ7DT51fQ4orSJp5b1IkEaY7qFp9o0Q8ZW4GuR7A7sOQN80Dtrqh1stXjK/VSj5+TY\nZClDbdM/wQ==:VNDmODrwU/geTRbtYaQXOrraPh1XP38qM1rRJtLts0OVLjpCq8Q5OYMdxR5whK7JgJpWQqMh1zIh\nYoTLatrXWA==

(the above example is when using a longer salt and longer key size, both 64)

This is due to the fact that the Base64 algorithm adds line breaks after every 76 characters.

But these line breaks make the Base64 invalid when we call the verify() method with this kind of value.

My proposal is to remove them (the line breaks) during generation of the hash (generate() method) and also clean them out before Base64 decoding (decode() method).

Rudy
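The effect described in the report, as an added example that is not Soteria's own code. It assumes the line breaks come from a MIME-style Base64 encoder (java.util.Base64.getMimeEncoder(), which wraps at 76 characters with "\r\n"); the page does not say which encoder the implementation uses. The generate/verify pair, the sample password and the salt size are constructed for this demo: generate() uses the basic encoder so no separators are emitted, and verify() strips CR/LF before decoding so previously stored values still parse.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class Pbkdf2Base64Demo {
    // Parameters matching the reported case: SHA-512, 1024 iterations, 64-byte salt and key.
    static final String ALGORITHM = "PBKDF2WithHmacSHA512";
    static final int ITERATIONS = 1024;
    static final int SALT_BYTES = 64;
    static final int KEY_BITS = 512;

    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance(ALGORITHM).generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // Assumed source of the bug: the MIME encoder inserts "\r\n" after every 76 characters.
    static String encodeWithLineBreaks(byte[] data) {
        return Base64.getMimeEncoder().encodeToString(data);
    }

    // Fix for generate(): the basic encoder never emits line separators.
    static String encodeClean(byte[] data) {
        return Base64.getEncoder().encodeToString(data);
    }

    // Fix for decode(): strip CR/LF first so values stored with separators still decode.
    static byte[] decodeLenient(String b64) {
        return Base64.getDecoder().decode(b64.replaceAll("[\\r\\n]", ""));
    }

    // Hypothetical generate(): "ALG:ITER:base64(salt):base64(hash)" with clean Base64.
    static String generate(char[] password) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        byte[] hash = derive(password, salt);
        return ALGORITHM + ":" + ITERATIONS + ":" + encodeClean(salt) + ":" + encodeClean(hash);
    }

    // Hypothetical verify(): tolerant of separators, constant-time comparison of the hash.
    static boolean verify(char[] password, String stored) throws Exception {
        String[] parts = stored.split(":");
        if (parts.length != 4) {
            return false;
        }
        byte[] salt = decodeLenient(parts[2]);
        byte[] expected = decodeLenient(parts[3]);
        byte[] actual = derive(password, salt);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-demo-password".toCharArray();
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        byte[] key = derive(password, salt);

        // A 64-byte value encodes to 88 characters, so the MIME encoder wraps it once.
        String wrapped = encodeWithLineBreaks(key);
        System.out.println("MIME-encoded value contains a line separator: " + wrapped.contains("\r\n"));
        try {
            Base64.getDecoder().decode(wrapped);
            System.out.println("Strict decode of wrapped value unexpectedly succeeded");
        } catch (IllegalArgumentException e) {
            System.out.println("Strict decode of wrapped value failed: " + e.getMessage());
        }

        // Clean encoding round-trips and the lenient decoder accepts the old wrapped form.
        String stored = generate(password);
        System.out.println("Stored value contains a line separator: " + stored.contains("\n"));
        System.out.println("verify() accepts correct password: " + verify(password, stored));
        System.out.println("verify() rejects wrong password: "
                + verify("other-password".toCharArray(), stored));
        System.out.println("Lenient decode of wrapped value matches key: "
                + MessageDigest.isEqual(key, decodeLenient(wrapped)));
    }
}
```

The strict java.util.Base64 basic decoder throws IllegalArgumentException on the CR and LF characters, which is the verify() failure the report describes; removing the separators at both ends (never emitting them, and tolerating them on input) closes the gap without changing the stored format.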