Newsgroups: php.internals
Subject: Re: [PHP-DEV] Re: hash_hkdf() signature and return value
From: yohgaki@ohgaki.net (Yasuo Ohgaki)
Date: Fri, 8 Sep 2017 19:27:10 +0900
To: Niklas Keller
Cc: Andrey Andreev, internals@lists.php.net, Nikita Popov

Hi Niklas,

On Fri, Sep 8, 2017 at 6:38 PM, Niklas Keller wrote:

>> I finally found out what's wrong.
>>
>
> No, you didn't. You still want to use user-supplied passwords as IKM. HKDF
> is not suited for that purpose.
>

Andrey and Nikita clearly misunderstood RFC 5869. This is what was wrong in previous discussions.

Weak key usage is a smaller issue, as I insisted HKDF is perfectly good for CSRF tokens, API keys and URI signing. These 3 would be the most common PHP HKDF applications.

What do you mean by "No, you didn't"?

I totally agree that a weak key has more risks. The risk is too obvious for any algorithm. Suppose we have "A" as the key; there is no protection at all. Not even PBKDF2 or anything else can protect such passwords. I think you don't mean users shouldn't use key derivation with a password. Users may use HKDF with a password, at the security level of the password.

RFC 5869 - https://tools.ietf.org/html/rfc5869#section-3.3

>> --------
>> In some applications, the input key material IKM may already be
>> present as a cryptographically strong key. In this case, one can skip the
>> extract part and use IKM directly to key HMAC in the expand step.
>> ---------
>>
>> Therefore, you are debating "IKM should be strong always" and
>> "salt is a purely optional parameter".
>>
>
> Yes, HKDF might be used for lower-entropy IKM, but not for short inputs
> like passwords. The extract part requires a large low-entropy input to
> concentrate the entropy into a smaller output. HKDF doesn't add / amplify
> entropy, but it can concentrate a larger low-entropy input to a
> smaller output with entropy.
>
> Further reading material: https://eprint.iacr.org/2010/264.pdf
>

Thank you for the nice reading. I've read it briefly. It sounded like the SHA-2 and SHA-3 difference that could be ignored in practice now.
Now the issue is whether we'll fix the improper and inconsistent API or not.

Thank you Niklas,

--
Yasuo Ohgaki
yohgaki@ohgaki.net
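An added example, not code from this thread or from PHP's hash_hkdf() implementation: the two RFC 5869 steps the thread argues about, written out in Python with SHA-256, plus the section 3.3 shortcut of feeding an already-strong IKM straight into expand. The purpose labels (csrf, api, uri) are assumed for illustration; the numeric values in the test are RFC 5869 test case 1.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM).

    An empty salt is replaced by HashLen zero bytes, as the RFC specifies.
    Extract only concentrates entropy already present in IKM; it cannot add
    any, so a short password as IKM gives a PRK no stronger than the password.
    """
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: OKM = T(1) | T(2) | ..., T(i) = HMAC(PRK, T(i-1) | info | i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested length exceeds 255 * HashLen")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, length: int, salt: bytes = b"", info: bytes = b"",
         skip_extract: bool = False) -> bytes:
    """Full extract-then-expand, or expand only (RFC 5869 section 3.3).

    skip_extract=True models the RFC shortcut: when IKM is already a
    uniformly random key of HashLen bytes it is used directly as PRK.
    That shortcut is not appropriate for a password, which is no such key.
    """
    prk = ikm if skip_extract else hkdf_extract(salt, ikm)
    return hkdf_expand(prk, info, length)


def derive_subkeys(master: bytes, labels, length: int = 32) -> dict:
    """Domain-separate purpose keys (assumed labels: CSRF token, API key, URI
    signing) from one strong master key by varying only the info parameter."""
    return {label: hkdf(master, length, info=label, skip_extract=True) for label in labels}
```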