obfsproxy: obfs2: When deriving padding keys we truncate the shared-secret hash
In derive_padding_key()
we do:
if (shared_seed_nonzero(state->secret_seed))
digest_update(c, state->secret_seed, OBFUSCATE_SEED_LENGTH);
OBFUSCATE_SEED_LENGTH
should read SHARED_SECRET_LENGTH
, similarly to how it is in derive_key()
.
This is a bug in obfsproxy master
, and it will break compatibility with any correct obfs2 implementations.
Good thing is that obfsproxy is going obsolete these days, so most (all?) obfs2 shared-secret users will probably be using pyobfsproxy.