Newsgroups: php.doc,php.internals Path: news.php.net Xref: news.php.net php.doc:969386548 php.internals:98787 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 10013 invoked from network); 13 Apr 2017 15:14:00 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 13 Apr 2017 15:14:00 -0000 Authentication-Results: pb1.pair.com header.from=woutvangils@hotmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=woutvangils@hotmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain hotmail.com designates 40.92.11.69 as permitted sender) X-PHP-List-Original-Sender: woutvangils@hotmail.com X-Host-Fingerprint: 40.92.11.69 mail-oln040092011069.outbound.protection.outlook.com Received: from [40.92.11.69] ([40.92.11.69:48683] helo=NAM04-SN1-obe.outbound.protection.outlook.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 64/A4-11418-6B59FE85 for ; Thu, 13 Apr 2017 11:13:59 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=c7fdNoIgK85Jg1K3x7cPDiJGsD0xfcr8Ok9TCcg9xag=; b=ZLopwSCLXP7HvAlDPcyxjojKmPlee/9f/feqjQk09sV5eJ1vSE7HJp+jL2bfEtMo/KY10ZdNYcTNwUXteA2BmtX8BfNArUqsgjj2Aossk9Uu6Y9aJu1ZtbIn3Z7PAnGi4oVnSEnpAPkURt+rRLLBFpcxAZWqVeyrhM27lUVgSb0BrTq3s9BmmC8o8F9beWC5oA64jLYQzXKa0+u0sS5BbdtIQj7UXbkQzpkH3UztRlvHhGmC6nZqVINf4PI3aSA7043wzHzfi1GGIfjUOIbExd6Uxxsl2u8aswfffh5tM3clS1F1CAqSFxW9f2wWiDLN2lXf7Z9rtEgHcQqJtPeAgw== Received: from SN1NAM04FT010.eop-NAM04.prod.protection.outlook.com (10.152.88.59) by SN1NAM04HT141.eop-NAM04.prod.protection.outlook.com (10.152.88.191) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1019.14; Thu, 13 Apr 2017 15:13:55 +0000 Received: from SN1PR13MB0413.namprd13.prod.outlook.com (10.152.88.58) by SN1NAM04FT010.mail.protection.outlook.com (10.152.88.129) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1019.14 via Frontend Transport; Thu, 13 Apr 2017 15:13:55 +0000 Received: from SN1PR13MB0413.namprd13.prod.outlook.com ([10.163.201.143]) by SN1PR13MB0413.namprd13.prod.outlook.com ([10.163.201.143]) with mapi id 15.01.1034.013; Thu, 13 Apr 2017 15:13:55 +0000 To: Pieter Hordijk , Yasuo Ohgaki CC: Joe Watkins , Andrey Andreev , "internals@lists.php.net" , "phpdoc@lists.php.net" Thread-Topic: Improve hash_hkdf() parameter Thread-Index: MO6WhLVLjafRklb+kxNhEqAqd56PRsg7x7Jr Date: Thu, 13 Apr 2017 15:13:55 +0000 Message-ID: References: <0285A0ED-A39F-46C9-A927-3C786F2B256D@koalephant.com> ,<1924612862.1298112.1492071094545.JavaMail.zimbra@pieterhordijk.com> In-Reply-To: <1924612862.1298112.1492071094545.JavaMail.zimbra@pieterhordijk.com> Accept-Language: nl-NL, en-US Content-Language: nl-NL X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: pthreads.org; dkim=none (message not signed) header.d=none;pthreads.org; dmarc=none action=none header.from=hotmail.com; x-incomingtopheadermarker: OriginalChecksum:32B9249565D57436106D498DF4C6C4F5B8B3A5C27BDE2A7E961DA7CEBD3E020B;UpperCasedChecksum:978789D41EE8A7F36FF118B6EC36F5B1A98CC04FBBE25A1BF84212FD96DF168B;SizeAsReceived:8706;Count:43 x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [PWrEFdglLc+bWqgHZwd6p+AP1IEMaMcn] x-microsoft-exchange-diagnostics: 1;SN1NAM04HT141;5:+4DxCUGnVwegraJb4Fw0aOCMie6kRXjkaEY1OeW01EyqWe65+ZG+WcHBVK2OAe+0leGieOKrbbGWfY+Rfgj7DFrArsK0zuUSeHOF4spLNWEOjKb/Fln+8oXQaMA9M2n4IDWX0M+9nF8fmwFVewrcog==;24:4M4eoR/C+YXfrbu8Ooxv6OH6qR5A6BMwey8PvzMDgDVCwq1nPfp9813X/onRcFIYwG119ZO8da3X2cpZ4VWbWJQqtgbjVj5dz3Y0bj8sjmw=;7:CvObCWGX59bI+95IuaxiJUXkNt/9X/pbQ+ifnsDVnT2sE2NZMw26yEkAWrBzjxofsn10kJFm9JcTLyjYcQyJZFR29G/Inhc3YLaq7z7I3aktKYekfXQQsuuqVbehe/1agB6Y5OYU5bp1JuDlxg9ezb1eQJD73xGy6FHKbIencCFVOYhBw7+z7HjHjO5CRPU+wJ6GmVSKHaDFMoJptzhD3gC77gTIcFPD67/golLHTRD3vHxVD9a2oz6gtZYXlqPnW2v0F+gJCXsU4w2h0GdPazofoPW/By2jnnuYiP18niNtaZBXk15ynyjViWyl0FfB x-incomingheadercount: 43 x-eopattributedmessage: 0 x-forefront-antispam-report: EFV:NLI;SFV:NSPM;SFS:(7070007)(98901004);DIR:OUT;SFP:1901;SCL:1;SRVR:SN1NAM04HT141;H:SN1PR13MB0413.namprd13.prod.outlook.com;FPR:;SPF:None;LANG:en; x-ms-office365-filtering-correlation-id: dff9bc93-d268-4b18-051e-08d4827fb3c3 x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(201702061074)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322274)(1601125374)(1603101448)(1701031045);SRVR:SN1NAM04HT141; x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(444000031);SRVR:SN1NAM04HT141;BCL:0;PCL:0;RULEID:;SRVR:SN1NAM04HT141; x-forefront-prvs: 02760F0D1C spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_SN1PR13MB04134D4E2C1BFD03223783D7BE020SN1PR13MB0413namp_" MIME-Version: 1.0 X-OriginatorOrg: hotmail.com X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Apr 2017 15:13:55.2480 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1NAM04HT141 Subject: Re: Improve hash_hkdf() parameter From: woutvangils@hotmail.com (wout van gils) --_000_SN1PR13MB04134D4E2C1BFD03223783D7BE020SN1PR13MB0413namp_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable Kan iemand mij eindelijk eens uitschrijven.? ?? ________________________________ Van: Pieter Hordijk Verzonden: donderdag 13 april 2017 08:11 Aan: Yasuo Ohgaki CC: Joe Watkins; Andrey Andreev; internals@lists.php.net; phpdoc@lists.php.= net Onderwerp: [PHP-DOC] Re: [PHP-DEV] [RFC][VOTE] Improve hash_hkdf() paramete= r ----- Original Message ----- > From: "Yasuo Ohgaki" > To: "Joe Watkins" , "Andrey Andreev" > Cc: internals@lists.php.net > Sent: Thursday, April 13, 2017 1:07:19 AM > Subject: Re: [PHP-DEV] [RFC][VOTE] Improve hash_hkdf() parameter > Hi Joe, > > On Wed, Apr 12, 2017 at 7:46 PM, Joe Watkins wrot= e: > >> This RFC was left open for 5 days past the end of voting as declared on >> the RFC. >> > > Thank you, I forgot about this. > IMHO, it's a shame for us we should have inconsistent and insecure functi= on > signature for a new function. > > I'm going to update the manual to add warning notes and example usages > like advanced CRFS token dedicated for specific URL with expiration time. > > I can think of length option only usage, but I cannot think usage that co= uld > be useful for majority of PHP users like advanced CSRF token. Is this really something we need in our official docs instead of for exampl= e on a personal blog? To be honest I am afraid of ending up with something like the current state of the session docs. Which are imo way too broad / opinionated, non English= , contains utterly confusing examples and / or flat out wrong and broken exam= ples. Above already resulted in a stream of docs bugs regarding session pages and a lot of confused readers. By all means describe how functions work, but don't confuse readers with th= ings most people won't ever need or are better suited as a (series of) blog post= s / Stack Overflow post(s). My =800.02 cc-ing docs discussion to get them also involved in case somebody of the do= cs team has an opinion. > Andrey, > > Could you give us some length only and length/info only example > that could be useful for most PHP users. > It should be safe and recommended usage. > I suppose you should have some good examples. > > Thank you. > > -- > Yasuo Ohgaki > yohgaki@ohgaki.net --_000_SN1PR13MB04134D4E2C1BFD03223783D7BE020SN1PR13MB0413namp_--