Clarify that the key backup MAC is implemented incorrectly
Due to a bug in libolm, all implementations of the m.megolm_backup.v1.curve25519-aes-sha2 key backup algorithm incorrectly pass an empty string through HMAC-SHA-256 to generate the `mac` property of the `session_data`. It was intended for the entire raw encrypted data to be passed through HMAC-SHA-256, but the issue was caught too late in the process, and thus we are stuck with this until a new key backup algorithm is introduced. This commit clarifies the real-world behavior of all current implementations. Signed-off-by: Sumner Evans <sumner@beeper.com>pull/1712/head
parent
4a80df364a
commit
77b2879602
@ -0,0 +1 @@
|
||||
Clarify that the key backup MAC is implemented incorrectly and does not pass the ciphertext through HMAC-SHA-256.
|
Loading…
Reference in New Issue