sharplispers / ironclad

A cryptographic toolkit written in Common Lisp
BSD 3-Clause "New" or "Revised" License

SHAKE256 craps out for OUTPUT-LENGTH beyond 200 bytes. #47

Closed dbmcclain closed 2 years ago

dbmcclain commented 2 years ago

I just ran into this. Perhaps it plagues the other SHAKE algos too. I expected to have a clean, repeatable 16KB hash from SHAKE256, but found that the repeatable part is restricted to the first 200 bytes. I see mention of 200 length in the code, but haven't tracked down the actual problem location.

AFAIK there are no prescribed limits to the output length from SHAKE. But perhaps you know of some. Certainly, crypto prudence would suggest that asking for unlimited amounts of hash from a single collection of updates might be a bit much to count on.

glv2 commented 2 years ago

It should be fixed in 7160a053fcad7ea8e27769f69807a264de22f5ba. Thanks for the report.