Newsgroups: php.doc,php.internals Path: news.php.net Xref: news.php.net php.doc:969386584 php.internals:98991 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 46406 invoked from network); 9 May 2017 22:13:02 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 9 May 2017 22:13:02 -0000 Authentication-Results: pb1.pair.com smtp.mail=derokorian@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=derokorian@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.54 as permitted sender) X-PHP-List-Original-Sender: derokorian@gmail.com X-Host-Fingerprint: 209.85.218.54 mail-oi0-f54.google.com Received: from [209.85.218.54] ([209.85.218.54:34800] helo=mail-oi0-f54.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 46/D0-41573-DEE32195 for ; Tue, 09 May 2017 18:13:02 -0400 Received: by mail-oi0-f54.google.com with SMTP id b204so16694205oii.1; Tue, 09 May 2017 15:13:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=2MZAIT/5/EZUcpccHW3X9LfXzMuNbBxiLrw6AAaZFOw=; b=a0H7MdSt8jO7ZvSERNJqYx600Fd6ivzW/hhqUBbD39h0b2cxj2P7g6SCZMcYlFUtSe UdZDheoAfj4zTC1ZOYISqiLn/X/6Cq2s6xp6mdYbpZZylmi2gtXmwHbCa7SC3AOu4wjk 3exdLX93o2QFWme58VLXbEVfCUHWUwjdrqtRiBq0hqkAPAWs0GBgtmHygmaUsqAT6FrY mGtAg3kqOQm7s3zdpt7NnqqbHrzR3jFcyhmPddbsZ4jtEiHfHVKycWjw5J4/FgcjxiTc xr6f3OfVv73VFbbg9iOP4NTQFp85+34kxUnWD+cb5krG1cdnR4YhFpw9WQuApf62O6Qm eiFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=2MZAIT/5/EZUcpccHW3X9LfXzMuNbBxiLrw6AAaZFOw=; b=JjxXUDaL4yyEoZC1CCL1gOLgE6nZxWMpifKmxl0KvsO5eASKBgWTY1lV/P3b2Nu3G1 l2jPrHbup35PfVXlOuAXO/U33LTc0CerE/CHgxF1l8CDz2uGmKaGYnAzzgSz7RinQRkW EPzv/3t6uGykV276QoJrTKZ1Q2riJXpu7hxh2WJyhwDR7u48ao/E8daYkR85I6hk0WQL i6R36J7kOJC2FslzMBqT9mbFU0IFy513k30Wo0il8KNp88GgfqB9J661s4MVInyryyMR 1PxZdzjuK24NEaleSOGfaQ8u5P0CajslL/VcbxHUSyazsZ7Hh1W86YgUjQJrAKfsAxaT MnIw== X-Gm-Message-State: AODbwcDnf3CwIcwI6ocv62hla8ZEIzeUxuO/CmNoo0HX3qPSs7q0DzfZ ZVNbD/2NvxcViTsg4lgwF+DW+Uowgg== X-Received: by 10.157.1.149 with SMTP id e21mr1073339ote.56.1494367979385; Tue, 09 May 2017 15:12:59 -0700 (PDT) MIME-Version: 1.0 Received: by 10.157.40.87 with HTTP; Tue, 9 May 2017 15:12:58 -0700 (PDT) Received: by 10.157.40.87 with HTTP; Tue, 9 May 2017 15:12:58 -0700 (PDT) In-Reply-To: References: <1924612862.1298112.1492071094545.JavaMail.zimbra@pieterhordijk.com> <690015854.1384408.1492163148986.JavaMail.zimbra@pieterhordijk.com> Date: Tue, 9 May 2017 16:12:58 -0600 Message-ID: To: Yasuo Ohgaki Cc: Pieter Hordijk , PHP Documentation ML , Niklas Keller , Andrey Andreev , Nikita Popov , Joe Watkins , internals Content-Type: multipart/alternative; boundary=94eb2c0cc5d0933872054f1ea8a0 Subject: Re: [PHP-DEV] [RFC][VOTE] Improve hash_hkdf() parameter From: derokorian@gmail.com (Ryan Pallas) --94eb2c0cc5d0933872054f1ea8a0 Content-Type: text/plain; charset=UTF-8 On May 9, 2017 15:46, "Yasuo Ohgaki" wrote: Hi Andrey, On Sun, Apr 30, 2017 at 8:26 AM, Yasuo Ohgaki wrote: > On Sun, Apr 30, 2017 at 8:14 AM, Yasuo Ohgaki wrote: > >> I don't need your view of HKDF RFC or usage, but I do need good practical >> examples that justify your point of view. Please don't waste of your/my >> time, >> just give some good examples in next reply. Thanks. >> > > BTW, valid (yet not common/proper) example that I can think of is, > > $strong_512bit_key = random_bytes(64); > $strong_256bit_key = hash_hkdf('sha3-512', $strong_512bit_key, 32); > ?> > > while it does not even require HKDF, though. > > $strong_512bit_key = random_bytes(64); > $strong_256bit_key = hash('sha3-256', $strong_512bit_key); > ?> > > should be good enough. > > Even with "Info", following HMAC is enough. > > $strong_512bit_key = random_bytes(64); > $strong_256bit_key = hash_hmac('sha3-256', $strong_512bit_key, $some_info); > ?> > I'm only asking examples for long enough time. I presume you cannot think of any valid and good example that justify current hash_hkdf() signature. Dude, he doesnt have to provide anything. The proposal was turned down unanimously. Why do you keep sending mail after mail on this? Also, try sending one mail instead of many when replying. Also, consider that the likelihood of changing minds is now far gone as continuing this thread without modifying your stance just biases people more against it. Then documentation must stress not to use hash_hkdf() only with "length" and "length/info". Regards, P.S. Draft doc patch is this. (Not updated yet) https://gist.github.com/anonymous/ace4fa267f20041676f265fe58c3f1ea -- Yasuo Ohgaki yohgaki@ohgaki.net --94eb2c0cc5d0933872054f1ea8a0--