Newsgroups: php.internals
Xref: news.php.net php.internals:98264
From: scott@paragonie.com (Scott Arciszewski)
Date: Wed, 8 Feb 2017 09:22:34 -0500
Subject: Re: [PHP-DEV] hash_hkdf() signature
To: Andrey Andreev
Cc: Yasuo Ohgaki, "internals@lists.php.net", Nikita Popov

On Wed, Feb 8, 2017 at 4:16 AM, Yasuo Ohgaki wrote:

> Hi Scott,
>
> There are applications that do not require salt. In this case, all users
> has to do is
> $salt = NULL
> to omit $salt.
>

Great.

On Wed, Feb 8, 2017 at 6:27 AM, Andrey Andreev wrote:

> Hi,
>
> On Tue, Feb 7, 2017 at 10:22 PM, Scott Arciszewski
> wrote:
>
>> Although the RFC itself says that salts are optional, the argument to
>> make them required in PHP's implementation has merit. The only downside is:
>> If you're integrating with an implementation that doesn't require salts,
>> and the application doesn't use salts, you're out of luck. Is that enough
>> of a downside to dismiss an argument for better security? Maybe.
>>
>
> I said this in another thread already, but I'll re-iterate here ... Using
> a salt should be recommended, but the suggestion here takes that out of
> context and misses a key point - that the Length and Info params are not of
> any less importance overall.
>
> - Length is effectively the key size and is in fact not optional in
> RFC5869*. You have to really know what you're doing if you don't use it,
> and choose the hash function very carefully. I'd argue that if you know
> this well enough, you'd also know what to do with Salt.
> - Info is technically optional, but pretty much the feature why you'd
> choose HKDF over other KDFs. It's what makes HKDF's more useful in that it
> enables derivation of multiple OKMs from a single IKM. If you don't need
> Info, chances are you don't need HKDF.
>
> One could use Salt for the purposes of Info, but that would be misusing
> the algorithm.
> Over-focusing on Section 3.1 of the specification, while at the same time
> ignoring Section 3.2 - arbitrarily making OptionalParamX mandatory because
> the note about it mentions the word "security". Noble, but misguided.
>
> I'd have no problem if ALL of the params were made non-optional - I'm all
> for that, but either do that or leave it untouched.
>
> * RFC 5869: https://tools.ietf.org/html/rfc5869
>
> Cheers,
> Andrey.
>

Given everything discussed in this sub-thread so far, I would be in
favor of making everything non-optional.

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises
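
Added example, not part of the original message and not code from PHP or from any participant in the thread: a sketch of what "everything non-optional" looks like to a caller, built on the hash_hkdf() that shipped in PHP 7.1.2. The wrapper name hkdf_all_required(), its parameter order, the info strings and the random sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical wrapper, not part of PHP: no parameter has a default, so the
// caller must state length, info and salt. null is the explicit "no salt".
function hkdf_all_required(string $algo, string $ikm, int $length, string $info, ?string $salt): string
{
    $hashLen = strlen(hash($algo, '', true));
    // RFC 5869 section 2.3: L is at most 255 * HashLen octets.
    if ($length < 1 || $length > 255 * $hashLen) {
        throw new InvalidArgumentException('length must be between 1 and ' . (255 * $hashLen));
    }
    // hash_hkdf() treats an empty salt as "not provided", which RFC 5869
    // defines as a string of HashLen zero octets.
    return hash_hkdf($algo, $ikm, $length, $info, $salt ?? '');
}

// Constructed sample input: random input keying material and random salt.
$ikm  = random_bytes(32);
$salt = random_bytes(32);

// Info is what separates the outputs: two independent 32-byte keys
// derived from the same IKM and the same salt.
$encKey = hkdf_all_required('sha256', $ikm, 32, 'example-app|encryption', $salt);
$macKey = hkdf_all_required('sha256', $ikm, 32, 'example-app|authentication', $salt);
if (hash_equals($encKey, $macKey)) {
    throw new RuntimeException('distinct info strings must give distinct keys');
}

// Omitting the salt on purpose gives the same output as HashLen zero octets.
$noSalt   = hkdf_all_required('sha256', $ikm, 32, 'example-app|encryption', null);
$zeroSalt = hkdf_all_required('sha256', $ikm, 32, 'example-app|encryption', str_repeat("\0", 32));
if (!hash_equals($noSalt, $zeroSalt)) {
    throw new RuntimeException('a null salt should equal an all-zero salt');
}

echo "derived two distinct 32-byte keys from one IKM\n";
```

Rejecting a length below 1 is a choice of this sketch: it stops a caller from falling back to hash_hkdf()'s default of one hash-length of output without saying so.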