Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:97685 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 86630 invoked from network); 11 Jan 2017 14:24:15 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 11 Jan 2017 14:24:15 -0000 Authentication-Results: pb1.pair.com smtp.mail=narf@devilix.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=narf@devilix.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain devilix.net designates 209.85.218.45 as permitted sender) X-PHP-List-Original-Sender: narf@devilix.net X-Host-Fingerprint: 209.85.218.45 mail-oi0-f45.google.com Received: from [209.85.218.45] ([209.85.218.45:33513] helo=mail-oi0-f45.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 40/30-55699-D0046785 for ; Wed, 11 Jan 2017 09:24:14 -0500 Received: by mail-oi0-f45.google.com with SMTP id w204so89997608oiw.0 for ; Wed, 11 Jan 2017 06:24:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=devilix.net; s=google; h=mime-version:from:date:message-id:subject:to; bh=JK6Y4cp2CcJ7jbxrzFVvAgGVzuR+/+fIj3NcMgW3Hzg=; b=LLY5OL1KBlAGkEPVLcCKVvcuu5Vn5dZSkOCzp4LrLhvvMVnkHtbLNukoQ3aXync2hc +FY7ht1WCG0EdtBgLiHXufek/0Uou/6loCpXjhm+6zztWH7VkklOJgjkBnVq2m/S8N3g POXfnilzy2rzWOVbTaVBGI8Y/K8yijR1ri1EQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=JK6Y4cp2CcJ7jbxrzFVvAgGVzuR+/+fIj3NcMgW3Hzg=; b=sM9ZVlOO94VlKL62AxPvIehshG8pTTvd+5D/RLeZS2mrPPolK+xFfbrfJpmzfZTRL8 lKSq22uNOyLp5731poUFz/4Jh6UNuz3u9DqdFiq4tIs1CSvPJZfKcWYXjZom8341N+w5 F4cSza6NeGPxTEsi1LekJFZ/uom0DU+Y+wg8TupfHp1WxTc6OI5wAB6BxHxL3w7/fqns I/DM1RY2+X1WjUUCH4wtpV4h135e5mWnikUf+nBLGjSBENx3FTkU75lQtSwy+0n9Ywl/ T5lJbiJs7gP0/+C64tmTgBNz08mFUP+NVKekQ9VYwthQSqcVXcradRPTwhS26DErGOWq nk8A== X-Gm-Message-State: AIkVDXJx//JrlLKIxM6CMias684Vp1WvtXcVLR4861J6Kt4GYX8cUbyn/PDZSdlDAqGGh3V3tLUsqW0pHuhLzQ== X-Received: by 10.202.84.143 with SMTP id i137mr4224012oib.202.1484144651241; Wed, 11 Jan 2017 06:24:11 -0800 (PST) MIME-Version: 1.0 Received: by 10.202.232.8 with HTTP; Wed, 11 Jan 2017 06:24:10 -0800 (PST) Date: Wed, 11 Jan 2017 16:24:10 +0200 Message-ID: To: "internals@lists.php.net" Content-Type: multipart/alternative; boundary=001a113debb8bba4110545d25a09 Subject: [Discussion] HKDF From: narf@devilix.net (Andrey Andreev) --001a113debb8bba4110545d25a09 Content-Type: text/plain; charset=UTF-8 Hi all, There's a pending GitHub pull request of mine to include a HKDF implementation into ext/hash. Mostly anybody who saw it agreed that it probably doesn't require an RFC vote, but I hadn't originally announced it here on the list either, so this is what I'm doing now ... For technical details, I'd say it is best to read IETF RFC 5869, which defines it, but here's the TL;DR version: - HKDF stands for "HMAC-based Key Derivation Function" - Useful in constructing encryption schemes, most notably to derive separate keys for encryption, authentication using only a single input key. Unless you're doing that, you probably don't care about it. - Unlike e.g. PBKDF2, it is supposed to be fast (as it's not a password-based KDF), making it great for encryption/decryption on the fly in web applications There's one thing that may be contentious - whether to call it hkdf() or hash_hkdf(); there are valid reasons for both and that's what I'd like to discuss mostly, as everything else boils down to just a tumbs up/down for the entire thing. But of course, I appreciate all feedback. :) GitHub PR: https://github.com/php/php-src/pull/1105 IETF RFC: https://tools.ietf.org/html/rfc5869 P.S.: The PR was submitted a long time ago - almost 2 years - thanks to Joe for bumping it up. Cheers, Andrey. --001a113debb8bba4110545d25a09--