Newsgroups: php.internals
Date: Fri, 8 Sep 2017 11:38:40 +0200
To: Yasuo Ohgaki
Cc: Andrey Andreev, "internals@lists.php.net", Nikita Popov
Subject: Re: [PHP-DEV] Re: hash_hkdf() signature and return value
From: me@kelunik.com (Niklas Keller)

>
> I finally find out what's wrong.
>

No, you didn't. You still want to use user-supplied passwords as IKM. HKDF
is not suited for that purpose.

> RFC 5689 - https://tools.ietf.org/html/rfc5869#section-3.3
> --------
> In some applications, the input key material IKM may already be
> present as a cryptographically strong key. In this case, one can skip the
> extract part and use IKM directly to key HMAC in the expand step.
> ---------
>
> Therefore, you are debating "IKM should be strong always" and
> "salt is pure optional parameter".
>

Yes, HKDF might be used for lower-entropy IKM, but not for short inputs
like passwords. The extract part requires a large low-entropy input to
concentrate the entropy into a smaller output.

HKDF doesn't add / amplify entropy, but it can concentrate a larger
low-entropy input to a smaller output with entropy.

Further reading material: https://eprint.iacr.org/2010/264.pdf

Regards, Niklas
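The extract and expand steps discussed in this message, written out with hash_hmac() as an added example that is not part of the original e-mail or of PHP's own source. The helper names, the `example:` info labels, the sample password, and the choice of PBKDF2 with 600000 iterations as the password-stretching step are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// RFC 5869 step 1 (hypothetical helper): concentrate the entropy of a large
// IKM into one hash-sized PRK. The salt is used as the HMAC key.
function hkdf_extract(string $algo, string $ikm, string $salt = ''): string
{
    if ($salt === '') {
        $salt = str_repeat("\0", strlen(hash($algo, '', true)));
    }
    return hash_hmac($algo, $ikm, $salt, true);
}

// RFC 5869 step 2 (hypothetical helper): expand an already strong key into
// $length bytes bound to the context string $info.
function hkdf_expand(string $algo, string $prk, int $length, string $info = ''): string
{
    $hashLen = strlen(hash($algo, '', true));
    if ($length < 1 || $length > 255 * $hashLen) {
        throw new InvalidArgumentException('length out of range for HKDF');
    }
    $okm = $block = '';
    for ($i = 1; strlen($okm) < $length; $i++) {
        $block = hash_hmac($algo, $block . $info . chr($i), $prk, true);
        $okm .= $block;
    }
    return substr($okm, 0, $length);
}

// Inputs of RFC 5869 test case 1: hash_hkdf() is extract followed by expand.
$ikm  = str_repeat("\x0b", 22);
$salt = hex2bin('000102030405060708090a0b0c');
$info = hex2bin('f0f1f2f3f4f5f6f7f8f9');
$twoStep = hkdf_expand('sha256', hkdf_extract('sha256', $ikm, $salt), 42, $info);
if (!hash_equals(hash_hkdf('sha256', $ikm, 42, $info, $salt), $twoStep)) {
    throw new RuntimeException('two-step HKDF disagrees with hash_hkdf()');
}

// RFC 5869 section 3.3: the key is already strong, so extract is skipped and
// separate subkeys come from distinct info labels.
$master = random_bytes(32);
$encKey = hkdf_expand('sha256', $master, 32, 'example:encryption');
$macKey = hkdf_expand('sha256', $master, 32, 'example:authentication');

// A password is short and low-entropy; HKDF cannot amplify it. Stretch it with
// a deliberately slow password KDF first (assumed here: PBKDF2), then expand.
$password  = 'correct horse battery staple';   // constructed sample input
$pwSalt    = random_bytes(16);                 // stored alongside the ciphertext
$stretched = hash_pbkdf2('sha256', $password, $pwSalt, 600000, 32, true);
$fileKey   = hkdf_expand('sha256', $stretched, 32, 'example:file-key');
```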