Newsgroups: php.doc,php.internals
Date: Sun, 23 Apr 2017 04:14:13 +0900
Subject: Re: [PHP-DEV] [RFC][VOTE] Improve hash_hkdf() parameter
From: yohgaki@ohgaki.net (Yasuo Ohgaki)
To: Pieter Hordijk
Cc: Joe Watkins, Andrey Andreev, internals, phpdoc, Nikita Popov

Hi all,

On Sat, Apr 15, 2017 at 9:17 AM, Yasuo Ohgaki wrote:

> My opinions are either based on concrete logic or
> recommendations based on reliable sources.
>
> I improved the hash_hkdf() manual further, based on RFC 5869 descriptions.
> https://gist.github.com/anonymous/ace4fa267f20041676f265fe58c3f1ea
>
> Please verify it again.
> I would like to finish the documentation.

RFC 5869 clearly states HKDF is a generic key derivation function.
Omitting the salt when the key does not have enough entropy is an obvious
bad practice or mistake. Even when the key has enough entropy, a long-lived
key (IKM) requires a good salt for the best key security.
These could be understood from the RFC and other basic crypto theory.

I'll commit the doc in a few days if there are no more comments on this.

Andrey, (Or anyone who voted no on the PHP RFC)

Could you show some good examples of hash_hkdf() usage that justify the
current function signature? I suppose you should have a few common and
good examples.

I cannot think of any common/good example that uses length only or
length/info only. No good example has been shown so far.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net
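
How the salt enters HKDF in RFC 5869, and where it sits in the hash_hkdf() signature under discussion, as an added example (not part of the original message and not PHP's own code). The key material, the context label and the helper names hkdf_manual() and must_equal() are assumptions made for illustration.

```php
<?php
// Added illustration: key material and context label are constructed.

// RFC 5869 HKDF spelled out with hash_hmac(), to show where the salt enters.
function hkdf_manual(string $algo, string $ikm, int $length, string $info, string $salt): string
{
    if ($salt === '') {
        // RFC 5869, section 2.2: a missing salt means HashLen zero bytes.
        $salt = str_repeat("\0", strlen(hash($algo, '', true)));
    }
    // Extract: PRK = HMAC(key = salt, message = IKM).
    $prk = hash_hmac($algo, $ikm, $salt, true);

    // Expand: T(i) = HMAC(PRK, T(i-1) || info || i), truncated to $length.
    $okm = '';
    $block = '';
    for ($i = 1; strlen($okm) < $length; $i++) {
        $block = hash_hmac($algo, $block . $info . chr($i), $prk, true);
        $okm .= $block;
    }
    return substr($okm, 0, $length);
}

// Hypothetical helper: constant-time comparison that fails loudly.
function must_equal(string $a, string $b, string $what): void
{
    if (!hash_equals($a, $b)) {
        throw new RuntimeException("mismatch: $what");
    }
}

$ikm  = random_bytes(32);                   // stand-in for a long-lived master key
$info = 'example-app:file-encryption:v1';   // hypothetical context label

// Salt omitted: identical to an all-zero salt, so IKM + info fix the output.
$unsalted = hash_hkdf('sha256', $ikm, 32, $info);
must_equal($unsalted, hash_hkdf('sha256', $ikm, 32, $info, str_repeat("\0", 32)), 'zero salt');
must_equal($unsalted, hkdf_manual('sha256', $ikm, 32, $info, ''), 'manual, no salt');

// Random, non-secret salt per derivation; store it beside the ciphertext so
// the same key can be derived again for decryption.
$salt   = random_bytes(32);
$salted = hash_hkdf('sha256', $ikm, 32, $info, $salt);
must_equal($salted, hkdf_manual('sha256', $ikm, 32, $info, $salt), 'manual, salted');

// The salt changes the extracted PRK, so the two derived keys differ.
if (hash_equals($salted, $unsalted)) {
    throw new RuntimeException('salted and unsalted keys are equal');
}
echo 'HKDF checks passed', PHP_EOL;
```

The script needs PHP 7.1.2 or later, the first release that ships hash_hkdf().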