Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:98633
Return-Path: <nikita.ppv@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 72304 invoked from network); 25 Mar 2017 11:17:17 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 25 Mar 2017 11:17:17 -0000
Authentication-Results: pb1.pair.com smtp.mail=nikita.ppv@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=nikita.ppv@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.43 as permitted sender)
X-PHP-List-Original-Sender: nikita.ppv@gmail.com
X-Host-Fingerprint: 74.125.82.43 mail-wm0-f43.google.com  
Received: from [74.125.82.43] ([74.125.82.43:35198] helo=mail-wm0-f43.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 64/6E-40046-CB156D85 for <internals@lists.php.net>; Sat, 25 Mar 2017 06:17:16 -0500
Received: by mail-wm0-f43.google.com with SMTP id u132so29677798wmg.0
        for <internals@lists.php.net>; Sat, 25 Mar 2017 04:17:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=8EU/hubf8V6mCMXkiTbrypTCOflSO8bXW01e2RrCv9k=;
        b=uOtUJwt0rDQu1qOTeIdBAkvIcHWX0ataFyEG4Bz9iy9xpu6+kSW0L4ogzJx8tgYPbf
         GNxkGc9ZNL6RAMGOcGbyI32wJeH8RewXO8AS86cAX5CJnM/j4lcoU37R/Pmt9wFEB+hF
         teS+hUJJrffwdPX5SHCQs6I5rQpo9y2ZvFl/9F3Zx/wSK8h2KTwwpG2BBCBNTz2alLgu
         GIXYcAZq1MpreMMnYE5iEuSGa2aiAQJpmcfW79J6c2hm1VS0ZoWb8obVlxEj0E2U+MmG
         qTJcJUhBkLChdYUL/8A0tWGuoZj+xpXSA/ikrpY70eMJiU2gJIKF3l+npoiwAj7cIA90
         zbRw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=8EU/hubf8V6mCMXkiTbrypTCOflSO8bXW01e2RrCv9k=;
        b=mzsiBkBPwYRptMZ2V9iiGRsmbWPWPnXzT795ce5WNze2wsJ7AMyC5MrF6ehebfVf2E
         7c0I0D2CaCLsNgzJsM52ersluvKsd4PNSXKJ0ZwgcWEvWRi4G87a774iQ7Wovdg7e7AY
         T64blizz/IWjDMrGxMm5ZSZKboSnYpAoz0G/MzgQU1Y0UBmg8AKhlQ/ypPQFF+LFgI/K
         UqYUZASbX4Hvnw4gh2BDxFGQjLiO1bLFlGZS2KdV07b4No07Fbm8llFQEVRPHKhBPVI4
         XfwIsYC0kbQqHIFE9BftRVTNHsYaUKZXU2Mcd1idElyTtw8RB2pQ5MCJj+wfG6IRjqSx
         NUNA==
X-Gm-Message-State: AFeK/H0x/x/de3SMeMeMffOKOIHaooo36W/A/9jGFaxLIp8xhjbRqKKTVRhLV1bmsOPYZxQmK7cqFovbWFY4UQ==
X-Received: by 10.28.93.142 with SMTP id r136mr1764448wmb.95.1490440633406;
 Sat, 25 Mar 2017 04:17:13 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.170.216 with HTTP; Sat, 25 Mar 2017 04:17:13 -0700 (PDT)
In-Reply-To: <CAGa2bXbrX8P7tV06FTprskzn-o7C36U=6ZBW70umL-ZLfV6NfQ@mail.gmail.com>
References: <CAGa2bXbrX8P7tV06FTprskzn-o7C36U=6ZBW70umL-ZLfV6NfQ@mail.gmail.com>
Date: Sat, 25 Mar 2017 12:17:13 +0100
Message-ID: <CAF+90c-v5zK-iXd80E4iAGut5ni4kLd_Lq1mE_d0RFeTZGewKA@mail.gmail.com>
To: Yasuo Ohgaki <yohgaki@ohgaki.net>
Cc: "internals@lists.php.net" <internals@lists.php.net>, Andrey Andreev <narf@devilix.net>
Content-Type: multipart/alternative; boundary=001a11471934835a39054b8c4071
Subject: Re: [PHP-DEV] [RFC] [VOTE] Improve hash_hkdf() parameter
From: nikita.ppv@gmail.com (Nikita Popov)

--001a11471934835a39054b8c4071
Content-Type: text/plain; charset=UTF-8

On Sat, Mar 25, 2017 at 3:25 AM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:

> Hi all,
>
> Since hash_hkdf() is in PHP 7.1.2, I start vote from today.
>
> Current hash_hkdf() function signature does not make sense.
>
>  - hash_hkdf() is simple hash_hmac() extension, yet it has totally
>    different signature.
>  - Return value is binary unlike other hash functions.
>  - The signature is insecure.
>
> https://wiki.php.net/rfc/improve_hash_hkdf_parameter
>
> Current signature is overly optimized very limited crypto operation
> and cannot be optimal by above reasons.
>
> Fortunately, almost all users are not using current hash_hkdf().
> It's only from 7.1.2 to 7.1.4 now. We should avoid yet another
> new inconsistent and insecure function. It would be better to be
> fixed ASAP, IMHO.
>
> Vote start: 2017-03-25
> Vote end: 2017-04-06 UTC 23:59:59
>

Voting against this because it introduces a BC break on a stable branch in
a point release. Of course I also disagree with the proposed change itself,
but this has already been extensively discussed in previous threads, and I
believe the BC break is sufficient grounds for rejection on its own.

I cannot, however, entirely refrain from pointing out the irony of making
all parameters but $length required, while $length is actually the one
parameter that any reasonable use of this function must specify: otherwise
you would depend on the digest size of the hash function magically
coinciding with the key length of your cipher (for example).

Nikita

--001a11471934835a39054b8c4071--