Newsgroups: php.internals
Subject: Re: [PHP-DEV] [RFC][VOTE] Improve hash_hkdf() parameter
From: yohgaki@ohgaki.net (Yasuo Ohgaki)
To: Stephen Reay
Cc: "internals@lists.php.net"
Date: Sat, 1 Apr 2017 11:27:23 +0900
In-Reply-To: <0285A0ED-A39F-46C9-A927-3C786F2B256D@koalephant.com>

Hi Stephen,

On Mon, Mar 27, 2017 at 1:09 PM, Stephen Reay wrote:

> It sounds to me like it is *possible* to currently use hash_hkdf() in a
> secure manner, but that you (and some others?) feel the arg order and
> default args are not conducive to safe/secure usage.

It's _possible_, of course. The problem is that the _new_ function has

- an insecure signature (it ignores the strong RFC 5689 recommendation)
- an inconsistent signature and return value (compared with hash() and hash_hmac())
- no major use (application) for PHP apps (length has almost no use with PHP apps)

If users would like to generate an arbitrary-length hash from an existing hash value in an _insecure_ way, they should use the new SHA-3 standards, i.e. SHA-3 already has 2 SHAKE algorithms that generate arbitrary-length hash values, SHAKE128(M, d) and SHAKE256(M, d). There is no reason to encourage less secure HKDF usage to obtain an arbitrary-length hash value.

The current hash_hkdf() signature does not make much sense with regard to cryptography, consistency and expected usage.

> Given that the function is live in the wild, massively changing the order
> of things and defaults is an instant red flag for myself, and I believe a
> lot of other people.

Aside from that, it should not have been merged into PHP 7.1 in the first place. There have only been 2 (or 3) bug fix versions released. Fixing the mistake ASAP is better, IMHO.

> To me this sounds more like an issue that could be relatively quickly
> improved by a documentation update that highlights how to securely use the
> function.

While documentation may work, it seems silly to me to write, for a new function:

  Even if "salt" is the last optional parameter, users must set an appropriate "salt" whenever possible for maximum key security.

> Yes, if there are more secure defaults that would be nice, but that ship
> has sailed, and the function was on it.

Thank you for your comment. I would like to try to fix it at least.

To avoid this kind of confusion, we had better have an RFC if there is strong objection.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net