Newsgroups: php.internals
From: yohgaki@ohgaki.net (Yasuo Ohgaki)
To: fsb
Cc: Andrey Andreev, "internals@lists.php.net"
Date: Tue, 17 Jan 2017 15:17:23 +0900
Subject: Re: [PHP-DEV] [Discussion] HKDF

Hi fsb,

On Tue, Jan 17, 2017 at 3:47 AM, fsb wrote:

>> - when salt is '' (empty string), use default static known random salt
>>   value.
>>   Note: hkdf's salt could be known, yet provide stronger result as RFC
>>   states.
>
> This change renders the implementation nonstandard. And it's useless for
> security.
>
> "Known" and "known to an attacker" are not the same. Alice and Bob must
> know the salt to obtain the derived key. But if they use a well-known
> standard value that everyone knows, the salt's purpose is defeated.

Right. A hardcoded salt only provides marginal improvement, e.g. attackers
have to build a PHP-specific dictionary. I don't insist on having a hardcoded
one because it's not too effective. Let's not have it.

> "Known" and "known to an attacker" are not the same.

This is very important. I explained why I would like to make the "salt
parameter required" in my reply to Nikita's post. IMO, most HKDF usage with
PHP can have a secret salt to improve security.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net
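
The distinction this message draws between a salt that is merely known and one that is kept secret, shown as an added example that is not part of the original post and not PHP's own implementation: a userland RFC 5869 HKDF built on hash_hmac(). The function names, the weak sample IKM and the info string are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: RFC 5869 HKDF in userland. All names here are illustrative.
function hkdf_extract(string $algo, string $ikm, string $salt): string
{
    // RFC 5869 section 2.2: if no salt is given, use HashLen zero bytes.
    if ($salt === '') {
        $salt = str_repeat("\0", strlen(hash($algo, '', true)));
    }
    return hash_hmac($algo, $ikm, $salt, true); // PRK = HMAC(salt, IKM)
}

function hkdf_expand(string $algo, string $prk, string $info, int $length): string
{
    if ($length < 1 || $length > 255 * strlen($prk)) {
        throw new InvalidArgumentException('invalid output length');
    }
    $okm = '';
    $block = '';
    for ($i = 1; strlen($okm) < $length; $i++) {
        // T(i) = HMAC(PRK, T(i-1) | info | i)
        $block = hash_hmac($algo, $block . $info . chr($i), $prk, true);
        $okm .= $block;
    }
    return substr($okm, 0, $length);
}

function hkdf(string $algo, string $ikm, int $length, string $info, string $salt): string
{
    return hkdf_expand($algo, hkdf_extract($algo, $ikm, $salt), $info, $length);
}

// Constructed sample input: a deliberately low-entropy IKM.
$ikm  = 'correct horse';
$info = 'example-app|session-key';

// The empty salt is the all-zero salt: a fixed value that everyone knows.
$empty = hkdf('sha256', $ikm, 32, $info, '');
$zeros = hkdf('sha256', $ikm, 32, $info, str_repeat("\0", 32));
var_dump(hash_equals($empty, $zeros));

// A per-deployment secret salt (generated once, stored with the other
// secrets) yields a different key, so a dictionary precomputed against the
// known salt does not carry over to this deployment.
$secretSalt = random_bytes(32);
$salted = hkdf('sha256', $ikm, 32, $info, $secretSalt);
var_dump(hash_equals($empty, $salted));
```

Both parties still need the same salt to derive the same key, so a secret salt has to be provisioned and protected like any other shared secret.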