search

stef / pysodium

wrapper for libsodium providing high level crypto primitives
Other
130 stars 50 forks source link

crypto_auth and crypto_auth_verify use empty byte string as a key by default #87

Closed vlevit closed 5 years ago

vlevit commented 5 years ago

I wonder is there a reason why crypto_auth and crypto_auth_verify accept key which is empty byte string by default? Doesn't usage of empty string as a key defeat the purpose of authentication since everyone can make a valid authentication tag for a tampered message?

Official documentation says

The crypto_auth() function computes a tag for the message in, whose length is inlen bytes, and the key k. k should be crypto_auth_KEYBYTES bytes. The function puts the tag into out. The tag is crypto_auth_BYTES bytes long.

(emphasis is mine)

stef commented 5 years ago

valid observation. this should be fixed.