Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:98710
Return-Path: <yohgaki@ohgaki.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 88004 invoked from network); 1 Apr 2017 02:51:47 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 1 Apr 2017 02:51:47 -0000
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@ohgaki.net
X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp  
Received: from [180.42.98.130] ([180.42.98.130:43986] helo=es-i.jp)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 01/70-19101-0C51FD85 for <internals@lists.php.net>; Fri, 31 Mar 2017 21:51:46 -0500
Received: (qmail 17426 invoked by uid 89); 1 Apr 2017 02:51:41 -0000
Received: from unknown (HELO mail-qt0-f177.google.com) (yohgaki@ohgaki.net@209.85.216.177)
  by 0 with ESMTPA; 1 Apr 2017 02:51:41 -0000
Received: by mail-qt0-f177.google.com with SMTP id n21so79635988qta.1
        for <internals@lists.php.net>; Fri, 31 Mar 2017 19:51:39 -0700 (PDT)
X-Gm-Message-State: AFeK/H1booRdJ0xdfiG+a9CEX0tiEmzPJbgoiasFTv8PbF0zBxeh8kl7GV9qDw6fFn1AOn0kTreFdCMGpmSbQQ==
X-Received: by 10.237.33.137 with SMTP id l9mr6476907qtc.157.1491015093513;
 Fri, 31 Mar 2017 19:51:33 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.19.232 with HTTP; Fri, 31 Mar 2017 19:50:53 -0700 (PDT)
In-Reply-To: <CAGa2bXYFw6Uz9cLFM1QT9ULak9uJcM4mr0R59TEa0eYf-tAm+Q@mail.gmail.com>
References: <CAGa2bXbUYDgJxmmZfuS5ZbWCLjq0QPpDioM-zkU9j7EHA-D_ag@mail.gmail.com>
 <CAGa2bXZ9_DtktnGpX38DHUvEzU4=9wMc_23fKxudzZWZ49A+Hw@mail.gmail.com>
 <0285A0ED-A39F-46C9-A927-3C786F2B256D@koalephant.com> <CAGa2bXYFw6Uz9cLFM1QT9ULak9uJcM4mr0R59TEa0eYf-tAm+Q@mail.gmail.com>
Date: Sat, 1 Apr 2017 11:50:53 +0900
X-Gmail-Original-Message-ID: <CAGa2bXYnDgvsWi4kCdajnnQ-psCPThpLu3_EK_DprLWsX+UZ2A@mail.gmail.com>
Message-ID: <CAGa2bXYnDgvsWi4kCdajnnQ-psCPThpLu3_EK_DprLWsX+UZ2A@mail.gmail.com>
To: Stephen Reay <php-lists@koalephant.com>
Cc: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a1149d36800fcb7054c1201c3
Subject: Re: [PHP-DEV] [RFC][VOTE] Improve hash_hkdf() parameter
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--001a1149d36800fcb7054c1201c3
Content-Type: text/plain; charset=UTF-8

Hi all,

  - insecure signature (it ignores strong RFC 5689 recommendation)
s/RFC 5689/RFC 5869/

On Sat, Apr 1, 2017 at 11:27 AM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:

>
> Given that the function is live in the wild, massively changing the order
>> of things and defaults is an instant red flag for myself, and I believe a
>> lot of other people.
>>
>
> Aside from it should not be merged into PHP 7.1 in the first place.
> There are only 2 (or 3) bug fix versions released. Fixing mistake ASAP is
> better. IMHO.
>
>
> To me this sounds more like an issue that could be relatively quickly
>> improved by a documentation update that highlights how to securely use the
>> function.
>>
>
> While documentation may work, it seems silly for me to write,
>
>   Even if "salt" is the last optional parameter, users must set
> appropriate "salt" whenever it is possible for maximum key security.
>

Another possible resolution could be reverting hash_hkdf() merge from 7.1
branch.
Basic hash_hkdf() operation could be done by hash_hmac() easily.

The merge should have had PHP RFC.
Reverting hash_hkdf() merge may work better.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

--001a1149d36800fcb7054c1201c3--