Open ni4 opened 11 years ago
Even when password is enabled, for key generation only first 32 bytes of seed-password-iv buffer are used:
EVP_DigestInit(&ctx, EVP_sha1()); EVP_DigestUpdate(&ctx, buffer, OBFUSCATE_SEED_LENGTH + iv_len); EVP_DigestFinal(&ctx, md_output, &md_len);
So, for instance, when password is longer then 16 bytes, the same key will be used for client and for server.
Even when password is enabled, for key generation only first 32 bytes of seed-password-iv buffer are used:
So, for instance, when password is longer then 16 bytes, the same key will be used for client and for server.