Truncation issue in SecretKeyDerivation

Issue #412 resolved
Philip Smart created an issue

It seems to me that the SecretKeyDerivation#deriveSecretKey method is incorrectly truncating a 128 or 192-bit SHA-256 hash. That is, it is ‘right-truncating’ it, and not ‘left-truncating’ it.

The spec has been updated to make this clearer (which I admit confused me entirely the first time):

Comments (4)

  1. Yavor Vasilev
    • changed status to open

    Ouch. Thanks for reporting this. We'll check what's going on. This AES key derivation code had been around for almost 10 years now and is based on the very first OIDC drafts.

  2. Log in to comment