Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:97786
Return-Path: <jakub.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 99383 invoked from network); 16 Jan 2017 11:44:43 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 16 Jan 2017 11:44:43 -0000
Authentication-Results: pb1.pair.com header.from=jakub.php@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=jakub.php@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.161.170 as permitted sender)
X-PHP-List-Original-Sender: jakub.php@gmail.com
X-Host-Fingerprint: 209.85.161.170 mail-yw0-f170.google.com  
Received: from [209.85.161.170] ([209.85.161.170:36669] helo=mail-yw0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 12/98-00729-922BC785 for <internals@lists.php.net>; Mon, 16 Jan 2017 06:44:43 -0500
Received: by mail-yw0-f170.google.com with SMTP id a10so66761151ywa.3
        for <internals@lists.php.net>; Mon, 16 Jan 2017 03:44:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=F7cmpSP+vz4Gf4mRNTg8FRLUxWN0sY2Qa7R4mouugrI=;
        b=uU1RUKhaahRKp7NOKIyhPxrEZ9egvII8PB366MKermwxFsnuiQ4pns++5xj0kTkUrN
         qTLa1RYXeicp1kwk8tcMJsXHPEboSoNzIy1p79LtcjqvF6Vko8/pqijyYFsX881DXwT0
         qeN7PR296Jepp8bfxsKRaLR9onlaiCiWeEJKPZTA7ozybaga9sm1egScbX/bAGK9NhJE
         pWB2iXB6TPfoWt4kTvYJTSbm9QYMlk+CoitZhMFfpd3jPTWCZ3FLyW5olErbA/670dav
         EKCxDSQlS9PkRcLPJowfptWl1sp4PXf6dxD/LiQYr56muO4xpZjM1ttXQuNltcWWV8Z6
         QWQA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=F7cmpSP+vz4Gf4mRNTg8FRLUxWN0sY2Qa7R4mouugrI=;
        b=Yp3bc9hFqERqVuLYhyNzF502NeLGOqfi2O5Of/GjiIwpozj+f4xEbePWdzqwblBk9d
         v/sdEUCQZw4DHG4hdoyqZ3BlYNtJWWcDiunp8tp5NVhWw8T96GAcdNS2GXNDLUo6GUl3
         8M+DQumg6xMYBpVUMZ6Ub+D2WCCtSiwY3TiZdlt9+b03ahuUXetKxwACnJyHChGNhlIT
         /4a/NT2wYrJo3jr48Diz1Ika+BBWDucsKoy48xQqKhrtu4A6KA1zgmOw+Q4xwXexPOXA
         EKqV1axf3ACERwfnqO3te/oOdSu9RkT+4M7QzRhHx3lGTXwgW3QLLc8yj5k9uLgDuZI3
         NkiA==
X-Gm-Message-State: AIkVDXLF3tXRps7UetJc6ETooBl9dA7CVJBeMtbDw8f44sGwG3XHOsgc/Nzyq37tOlqGhzGxs6oIODtLtCmsAg==
X-Received: by 10.129.159.213 with SMTP id w204mr25342792ywg.29.1484567078855;
 Mon, 16 Jan 2017 03:44:38 -0800 (PST)
MIME-Version: 1.0
Sender: jakub.php@gmail.com
Received: by 10.129.72.73 with HTTP; Mon, 16 Jan 2017 03:44:38 -0800 (PST)
In-Reply-To: <CAPhkiZz+eHFEYFA_4yCbTeBZ8KtugbO_Vw9acERo9G+hWYGteQ@mail.gmail.com>
References: <CAPhkiZz+eHFEYFA_4yCbTeBZ8KtugbO_Vw9acERo9G+hWYGteQ@mail.gmail.com>
Date: Mon, 16 Jan 2017 11:44:38 +0000
X-Google-Sender-Auth: 3Zt1F5saG9kNFr_SFCPQtPskius
Message-ID: <CAEKnhAE=0qVgNaCKAdbODP1C5PWyTvXL-PP3mBptfq3qamozcQ@mail.gmail.com>
To: Andrey Andreev <narf@devilix.net>
Cc: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=94eb2c0b605261695e054634b553
Subject: Re: [PHP-DEV] [Discussion] HKDF
From: bukka@php.net (Jakub Zelenka)

--94eb2c0b605261695e054634b553
Content-Type: text/plain; charset=UTF-8

On Wed, Jan 11, 2017 at 2:24 PM, Andrey Andreev <narf@devilix.net> wrote:

> Hi all,
>
> There's a pending GitHub pull request of mine to include a HKDF
> implementation into ext/hash.
> Mostly anybody who saw it agreed that it probably doesn't require an RFC
> vote, but I hadn't originally announced it here on the list either, so this
> is what I'm doing now ...
>
> For technical details, I'd say it is best to read IETF RFC 5869, which
> defines it, but here's the TL;DR version:
>
>  - HKDF stands for "HMAC-based Key Derivation Function"
>  - Useful in constructing encryption schemes, most notably to derive
> separate keys for encryption, authentication using only a single input key.
> Unless you're doing that, you probably don't care about it.
>  - Unlike e.g. PBKDF2, it is supposed to be fast (as it's not a
> password-based KDF), making it great for encryption/decryption on the fly
> in web applications
>
> There's one thing that may be contentious - whether to call it hkdf() or
> hash_hkdf();
>

Should be definitely hash_hkdf as it's part of the hash extension (that's
why hash prefix) and we might add openssl_hkdf that will use OpenSSL
implementation added to 1.1 - it would also use OpenSSL implemention for
underlaying hash implementation that is more powerful in some ways (e.g.
ASM optimization of some main hash functions).

Cheers

Jakub

--94eb2c0b605261695e054634b553--