Newsgroups: php.doc,php.internals
Date: Thu, 13 Apr 2017 10:11:34 +0200 (CEST)
To: Yasuo Ohgaki
Cc: Joe Watkins, Andrey Andreev, internals@lists.php.net, phpdoc@lists.php.net
Subject: Re: [PHP-DEV] [RFC][VOTE] Improve hash_hkdf() parameter
From: info@pieterhordijk.com (Pieter Hordijk)

----- Original Message -----
> From: "Yasuo Ohgaki"
> To: "Joe Watkins", "Andrey Andreev"
> Cc: internals@lists.php.net
> Sent: Thursday, April 13, 2017 1:07:19 AM
> Subject: Re: [PHP-DEV] [RFC][VOTE] Improve hash_hkdf() parameter

> Hi Joe,
>
> On Wed, Apr 12, 2017 at 7:46 PM, Joe Watkins wrote:
>
>> This RFC was left open for 5 days past the end of voting as declared on
>> the RFC.
>>
>
> Thank you, I forgot about this.
> IMHO, it's a shame for us we should have inconsistent and insecure function
> signature for a new function.
>
> I'm going to update the manual to add warning notes and example usages
> like advanced CSRF token dedicated for specific URL with expiration time.
>
> I can think of length option only usage, but I cannot think usage that could
> be useful for majority of PHP users like advanced CSRF token.

Is this really something we need in our official docs instead of for example
on a personal blog?

To be honest I am afraid of ending up with something like the current state
of the session docs. Which are imo way too broad / opinionated, non-English,
contain utterly confusing examples and / or flat out wrong and broken examples.
Above already resulted in a stream of docs bugs regarding session pages and
a lot of confused readers.

By all means describe how functions work, but don't confuse readers with things
most people won't ever need or are better suited as a (series of) blog posts /
Stack Overflow post(s).

My €0.02

cc-ing docs discussion to get them also involved in case somebody of the docs
team has an opinion.

> Andrey,
>
> Could you give us some length only and length/info only example
> that could be useful for most PHP users.
> It should be safe and recommended usage.
> I suppose you should have some good examples.
>
> Thank you.
>
> --
> Yasuo Ohgaki
> yohgaki@ohgaki.net