Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:98632 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 68704 invoked from network); 25 Mar 2017 10:31:38 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 25 Mar 2017 10:31:38 -0000 Authentication-Results: pb1.pair.com header.from=me@kelunik.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=me@kelunik.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain kelunik.com from 81.169.146.163 cause and error) X-PHP-List-Original-Sender: me@kelunik.com X-Host-Fingerprint: 81.169.146.163 mo4-p00-ob.smtp.rzone.de Received: from [81.169.146.163] ([81.169.146.163:9272] helo=mo4-p00-ob.smtp.rzone.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id C0/ED-40046-80746D85 for ; Sat, 25 Mar 2017 05:31:37 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1490437893; l=3083; s=domk; d=kelunik.com; h=Content-Type:Cc:To:Subject:Date:From:References:In-Reply-To: MIME-Version; bh=Qrj3/HuKftZBfq7yhQf3MrjV1b0bn7WRXWF71mJoLdg=; b=BfCubsrpiNQIuA725/5fssXDsgyo7640Dyj9/cQ+MiHDuqq34z9sAbVHDnDl7QuqPq NYvg9a/NGMR3gv66/R0XgGOwd40zR6rabZKy5fHNkVXUjY/NM+N5ItduojuATOmeKYxS qvEHml/vdiGUqJ//FnhkJSWvZe2MZoG17J85M= X-RZG-AUTH: :IWkkfkWkbvHsXQGmRYmUo9mls2vWuiu+7SLDup6E67mzuoNJBqDwskQ= X-RZG-CLASS-ID: mo00 Received: by mail-qt0-f182.google.com with SMTP id r45so8448036qte.3 for ; Sat, 25 Mar 2017 03:31:33 -0700 (PDT) X-Gm-Message-State: AFeK/H0cg3cC2TFr6cDdEOBcj0WS5kEPcnKA9P/Vq6ncvc+1LJgcJ3rHPg+iJ/uUPvQ+70SrVHNOnjETZ3mhIQ== X-Received: by 10.237.36.212 with SMTP id u20mr11721707qtc.290.1490437892853; Sat, 25 Mar 2017 03:31:32 -0700 (PDT) MIME-Version: 1.0 Received: by 10.12.144.167 with HTTP; Sat, 25 Mar 2017 03:31:32 -0700 (PDT) In-Reply-To: References: Date: Sat, 25 Mar 2017 11:31:32 +0100 X-Gmail-Original-Message-ID: Message-ID: To: Yasuo Ohgaki Cc: "internals@lists.php.net" , Andrey Andreev Content-Type: multipart/alternative; boundary=001a1141086229df82054b8b9db0 Subject: Re: [PHP-DEV] [RFC] [VOTE] Improve hash_hkdf() parameter From: me@kelunik.com (Niklas Keller) --001a1141086229df82054b8b9db0 Content-Type: text/plain; charset=UTF-8 > > Hi all, > > Since hash_hkdf() is in PHP 7.1.2, I start vote from today. > > Current hash_hkdf() function signature does not make sense. > > - hash_hkdf() is simple hash_hmac() extension, yet it has totally > different signature. > - Return value is binary unlike other hash functions. > - The signature is insecure. > > https://wiki.php.net/rfc/improve_hash_hkdf_parameter > > Current signature is overly optimized very limited crypto operation > and cannot be optimal by above reasons. > > Fortunately, almost all users are not using current hash_hkdf(). > It's only from 7.1.2 to 7.1.4 now. We should avoid yet another > new inconsistent and insecure function. It would be better to be > fixed ASAP, IMHO. > > Vote start: 2017-03-25 > Vote end: 2017-04-06 UTC 23:59:59 > > Thank you for voting. > > -- > Yasuo Ohgaki > yohgaki@ohgaki.net > Please don't forget to update https://wiki.php.net/rfc next time. Fixed that for now. Regards, Niklas --001a1141086229df82054b8b9db0--