Newsgroups: php.internals
Date: Sun, 26 Mar 2017 07:04:10 +0900
Subject: Re: [PHP-DEV] [RFC] [VOTE] Improve hash_hkdf() parameter
From: yohgaki@ohgaki.net (Yasuo Ohgaki)
To: Nikita Popov
Cc: "internals@lists.php.net", Andrey Andreev

Hi Nikita,

On Sat, Mar 25, 2017 at 8:17 PM, Nikita Popov wrote:

> I cannot, however, entirely refrain from pointing out the irony of making
> all parameters but $length required, while $length is actually the one
> parameter that any reasonable use of this function must specify: otherwise
> you would depend on the digest size of the hash function magically
> coinciding with the key length of your cipher (for example).

"info" is what HKDF makes most important, because HMAC does not separate
'secret' (derivation KEY or salt) and 'info' (non-secret context).
I fail to see why the "derivation KEY" would be the least important for a
generic KEY derivation function.

I totally agree that 'modified length' is mandatory for 'specific crypto',
but they are very limited. "length" cannot be the most used option with
almost all PHP applications. See the list of possible PHP HKDF applications
in the RFC.

I cannot agree with the opinion that 'length' is the most important HKDF
option. I could be wrong. Could you list applications that require a
modified hash length that could make it most important for PHP apps? I
didn't see any practical examples in the discussion so far.

Since hash_hkdf() only exists in PHP 7.1.2/7.1.3, if we are going to fix the
"insecure" and "inconsistent" signature, now is the only chance.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net
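
The three parameters argued over in this message ($length, info, salt), as an added example that is not part of the original email or of the PHP source. It rebuilds HKDF (RFC 5869) from hash_hmac() and compares it with hash_hkdf() as shipped, where $length is the third, optional argument. The helpers hkdf_manual() and check(), the key and salt bytes, and the labels 'enc-key' and 'mac-key' are assumptions made up for illustration.

```php
<?php
// Added example. Keys, salt and info labels are constructed sample values.

// HKDF (RFC 5869) from hash_hmac(), same parameter order as hash_hkdf().
function hkdf_manual(string $algo, string $ikm, int $length = 0,
                     string $info = '', string $salt = ''): string
{
    $hashLen = strlen(hash($algo, '', true));
    if ($length === 0) {
        $length = $hashLen;                  // default: one digest of output
    }
    if ($length < 0 || $length > 255 * $hashLen) {
        throw new InvalidArgumentException('invalid output length');
    }
    if ($salt === '') {
        $salt = str_repeat("\0", $hashLen);  // RFC 5869 default salt
    }
    $prk = hash_hmac($algo, $ikm, $salt, true);           // extract: key = salt
    $okm = $t = '';
    for ($i = 1; strlen($okm) < $length; $i++) {          // expand
        $t = hash_hmac($algo, $t . $info . chr($i), $prk, true);
        $okm .= $t;
    }
    return substr($okm, 0, $length);
}

// Hypothetical helper: fail loudly instead of relying on assert() settings.
function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
    echo "ok: $what\n";
}

$ikm  = hex2bin('000102030405060708090a0b0c0d0e0f');  // constructed input key
$salt = hex2bin('a0a1a2a3a4a5a6a7a8a9aaabacadaeaf');  // constructed salt

$k16 = hash_hkdf('sha256', $ikm, 16, 'enc-key', $salt);  // e.g. AES-128 key size
$k32 = hash_hkdf('sha256', $ikm, 32, 'enc-key', $salt);
$mac = hash_hkdf('sha256', $ikm, 32, 'mac-key', $salt);

check(strlen(hash_hkdf('sha256', $ikm)) === 32, 'omitted $length gives digest size');
check(hash_equals($k16, hkdf_manual('sha256', $ikm, 16, 'enc-key', $salt)), 'manual HKDF matches hash_hkdf()');
check(substr($k32, 0, 16) === $k16, 'shorter output is a prefix of the longer one');
check(!hash_equals($k32, $mac), 'different info gives an unrelated key');
```

The third check shows that changing only $length does not yield independent keys, while the fourth shows that changing info does.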