Newsgroups: php.doc,php.internals
Subject: Re: [PHP-DEV] [RFC][VOTE] Improve hash_hkdf() parameter
From: yohgaki@ohgaki.net (Yasuo Ohgaki)
To: Andrey Andreev
Cc: Niklas Keller, Pieter Hordijk, Joe Watkins, internals, phpdoc, Nikita Popov
Date: Tue, 25 Apr 2017 09:28:38 +0900
References: <1924612862.1298112.1492071094545.JavaMail.zimbra@pieterhordijk.com> <690015854.1384408.1492163148986.JavaMail.zimbra@pieterhordijk.com>

Hi Andrey,

On Sun, Apr 23, 2017 at 7:24 AM, Andrey Andreev wrote:
>
> You're tired? Yasuo, the reason why you're not receiving replies
> unless you say "I'll commit in a few days if there are no more
> comments" is because everybody is tired of talking to you.
>
> If you want examples, search GitHub for PHP code utilizing HKDF - you
> will see that most projects use it without a salt, including
> https://github.com/defuse/php-encryption - pretty much the best PHP
> userspace crypto library today. And I'm only saying "most" because I
> can't be bothered to go through literally all of them; I've found NONE
> that do use the salt.
>

Wrong. I don't think the author would make such a mistake, so I checked.

    /**
     * Derives authentication and encryption keys from the secret, using a slow
     * key derivation function if the secret is a password.
     *
     * @param string $salt
     *
     * @throws Ex\EnvironmentIsBrokenException
     *
     * @return DerivedKeys
     */
    public function deriveKeys($salt)
    {
        if (Core::ourStrlen($salt) !== Core::SALT_BYTE_SIZE) {
            throw new Ex\EnvironmentIsBrokenException('Bad salt.');
        }

        if ($this->secret_type === self::SECRET_TYPE_KEY) {
            $akey = Core::HKDF(
                Core::HASH_FUNCTION_NAME,
                $this->secret->getRawBytes(),
                Core::KEY_BYTE_SIZE,
                Core::AUTHENTICATION_INFO_STRING,
                $salt
            );
            $ekey = Core::HKDF(
                Core::HASH_FUNCTION_NAME,
                $this->secret->getRawBytes(),
                Core::KEY_BYTE_SIZE,
                Core::ENCRYPTION_INFO_STRING,
                $salt
            );
            return new DerivedKeys($akey, $ekey);
        } elseif ($this->secret_type === self::SECRET_TYPE_PASSWORD) {

> You will also find zero projects using it for CSRF protection.
>

You obviously do not understand the HKDF RFC at all. (And you don't read my reply.)

It seems you consider HKDF a specific-purpose KDF, but it is _not_. HKDF is designed as a general purpose KDF. It is clearly stated in RFC 5869, section 4, "Applications of HKDF":

    HKDF is intended for use in a wide variety of KDF applications.

Just because you cannot think of how a general purpose KDF could be used for other purposes, it does not mean it should not be used for other purposes. Especially when it is designed for general purpose use in the first place.

> The vote ended with 1 Yes (you) and 14 No; not a single person has
> agreed with you so far, and most have explicitly stated strong
> disagreement with your proposed changes. Yet you insist on pushing
> your *personal opinion*, ignoring everybody else and acting as if ~80
> mails haven't already been exchanged.
>
> How is it even possible that you still believe that everybody is wrong
> and you alone are right? Give it up already.

Prove that my idea in the manual (or my RFC) is wrong by logic, rather than with FUD.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net
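The points argued in this message (the salt is optional and its absence is well defined, the info string separates independent keys derived from one secret, and the order of hash_hkdf()'s arguments puts the salt last) can be checked directly. The following is an added example written for this page; it is not code from the thread, from the PHP manual, or from defuse/php-encryption. It assumes PHP 7.1.2 or later for the built-in hash_hkdf(); the helper names hkdf_rfc5869(), hkdf_self_check() and derive_message_keys() and the info strings 'example-app|auth' and 'example-app|enc' are this example's own choices.

```php
<?php
declare(strict_types=1);

// Added example for this page; not the manual's, the RFC's, or defuse's code.
// Assumes PHP >= 7.1.2 for hash_hkdf(). Helper names and info strings are illustrative.

/**
 * HKDF exactly as specified in RFC 5869, built only from hash_hmac().
 * The argument order deliberately mirrors the built-in hash_hkdf():
 * (algo, ikm, length, info, salt); the salt is the LAST, optional argument.
 */
function hkdf_rfc5869(string $algo, string $ikm, int $length, string $info = '', string $salt = ''): string
{
    $hashLen = strlen(hash($algo, '', true));
    if ($length < 1 || $length > 255 * $hashLen) {
        throw new InvalidArgumentException('length must be between 1 and 255 * HashLen');
    }
    // Section 2.2 (extract): a missing salt is defined as HashLen zero bytes,
    // so "no salt" is a valid, well-defined input rather than an error.
    if ($salt === '') {
        $salt = str_repeat("\0", $hashLen);
    }
    $prk = hash_hmac($algo, $ikm, $salt, true);      // PRK = HMAC(salt, IKM)

    // Section 2.3 (expand): T(i) = HMAC(PRK, T(i-1) || info || byte(i)), i = 1..N.
    $okm = '';
    $t   = '';
    for ($i = 1; strlen($okm) < $length; $i++) {
        $t    = hash_hmac($algo, $t . $info . chr($i), $prk, true);
        $okm .= $t;
    }
    return substr($okm, 0, $length);
}

/**
 * Verify the implementation against RFC 5869 Appendix A test case 1 (salt and
 * info present) and test case 3 (no salt, no info), and against the built-in
 * hash_hkdf() when it exists. Returns true only if every comparison matches.
 */
function hkdf_self_check(): bool
{
    $ikm   = str_repeat("\x0b", 22);
    $cases = [
        // [salt, info, expected 42-byte OKM as hex]
        [hex2bin('000102030405060708090a0b0c'), hex2bin('f0f1f2f3f4f5f6f7f8f9'),
         '3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865'],
        ['', '',
         '8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8'],
    ];
    foreach ($cases as [$salt, $info, $expected]) {
        $okm = hkdf_rfc5869('sha256', $ikm, 42, $info, $salt);
        if (bin2hex($okm) !== $expected) {
            return false;
        }
        if (function_exists('hash_hkdf') && hash_hkdf('sha256', $ikm, 42, $info, $salt) !== $okm) {
            return false;
        }
    }
    return true;
}

/**
 * The pattern quoted from defuse/php-encryption above: two independent keys
 * from one secret, kept apart by the info string, bound to a per-message
 * random salt. Pass the stored salt back in to reproduce the same keys.
 */
function derive_message_keys(string $secret, ?string $salt = null): array
{
    $salt = $salt ?? random_bytes(32);
    return [
        'akey' => hkdf_rfc5869('sha256', $secret, 32, 'example-app|auth', $salt),
        'ekey' => hkdf_rfc5869('sha256', $secret, 32, 'example-app|enc', $salt),
        'salt' => $salt,
    ];
}

if (PHP_SAPI === 'cli') {
    printf("RFC 5869 test vectors pass:       %s\n", hkdf_self_check() ? 'yes' : 'no');

    $secret = random_bytes(32);          // a uniformly random key, not a password
    $first  = derive_message_keys($secret);
    $second = derive_message_keys($secret);
    printf("fresh salts give different keys:  %s\n", $first['ekey'] !== $second['ekey'] ? 'yes' : 'no');
    printf("stored salt reproduces the keys:  %s\n", derive_message_keys($secret, $first['salt']) == $first ? 'yes' : 'no');

    // Argument-order pitfall in the built-in: argument 4 is info, argument 5 is salt.
    // A salt handed in as the 4th argument is silently used as info, and a different
    // (but perfectly valid-looking) key comes out; nothing fails loudly.
    $mixedUp = hash_hkdf('sha256', $secret, 32, $first['salt']);
    $correct = hash_hkdf('sha256', $secret, 32, '', $first['salt']);
    printf("salt passed as info == salt passed as salt: %s\n", $mixedUp === $correct ? 'yes' : 'no');
}
```

Run it with `php hkdf_example.php`. The self-check is the part worth keeping around: if a hand-rolled extract/expand matches both the RFC vectors and the built-in, the two functions can be swapped freely. The last block is the practical reason the argument order matters: hash_hkdf() accepts a salt in the info position without complaint, so a caller who mixes the two up gets a different key with no error, and two components that disagree on which argument is which will derive different keys from the same inputs.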