Hi all,

There's a pending GitHub pull request of mine to include an HKDF
implementation into ext/hash.
Mostly anybody who saw it agreed that it probably doesn't require an RFC
vote, but I hadn't originally announced it here on the list either, so this
is what I'm doing now ...

For technical details, I'd say it is best to read IETF RFC 5869, which
defines it, but here's the TL;DR version:

 - HKDF stands for "HMAC-based Key Derivation Function"
 - Useful in constructing encryption schemes, most notably to derive
separate keys for encryption and authentication using only a single input key.
Unless you're doing that, you probably don't care about it.
 - Unlike e.g. PBKDF2, it is supposed to be fast (as it's not a
password-based KDF), making it great for encryption/decryption on the fly
in web applications

There's one thing that may be contentious - whether to call it hkdf() or
hash_hkdf(); there are valid reasons for both and that's what I'd like to
discuss mostly, as everything else boils down to just a thumbs up/down for
the entire thing. But of course, I appreciate all feedback. :)

GitHub PR: https://github.com/php/php-src/pull/1105
IETF RFC: https://tools.ietf.org/html/rfc5869

P.S.: The PR was submitted a long time ago - almost 2 years - thanks to Joe
for bumping it up.

Cheers,
Andrey.
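
The extract-then-expand construction from RFC 5869 that the message summarizes, as an added example that is not part of the original post and not the code from the pull request. The function name `hkdf_sketch`, its parameter order, and the `example:*` info labels are assumptions made for illustration; it is built on PHP's existing `hash_hmac()`.

```php
<?php
declare(strict_types=1);

// Hypothetical userland helper following RFC 5869; not the PR's implementation.
function hkdf_sketch(string $algo, string $ikm, int $length,
                     string $info = '', string $salt = ''): string
{
    $hashLen = strlen(hash($algo, '', true));
    if ($length < 1 || $length > 255 * $hashLen) {
        throw new InvalidArgumentException('length must be in 1..255*HashLen');
    }
    // RFC 5869 section 2.2: an absent salt is treated as HashLen zero bytes.
    if ($salt === '') {
        $salt = str_repeat("\0", $hashLen);
    }
    // Extract: PRK = HMAC(key = salt, data = IKM).
    // hash_hmac() takes its arguments as (algo, data, key).
    $prk = hash_hmac($algo, $ikm, $salt, true);

    // Expand: T(i) = HMAC(PRK, T(i-1) | info | i), concatenated, then truncated.
    $okm = '';
    $block = '';
    for ($i = 1; strlen($okm) < $length; $i++) {
        $block = hash_hmac($algo, $block . $info . chr($i), $prk, true);
        $okm .= $block;
    }
    return substr($okm, 0, $length);
}

// Self-check against RFC 5869 Appendix A, test case 1 (SHA-256, L = 42).
$okm = hkdf_sketch('sha256', str_repeat("\x0b", 22), 42,
    hex2bin('f0f1f2f3f4f5f6f7f8f9'), hex2bin('000102030405060708090a0b0c'));
$expected = '3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c'
          . '5db02d56ecc4c5bf34007208d5b887185865';
if (!hash_equals($expected, bin2hex($okm))) {
    throw new RuntimeException('RFC 5869 test vector mismatch');
}

// Constructed sample: one high-entropy master key, two purpose-bound subkeys.
// Distinct info strings give independent keys, so the MAC key is never
// the same bytes as the encryption key.
$master = random_bytes(32);
$encKey = hkdf_sketch('sha256', $master, 32, 'example:encryption');
$macKey = hkdf_sketch('sha256', $master, 32, 'example:authentication');
var_dump(strlen($encKey), strlen($macKey), hash_equals($encKey, $macKey));
```

The input key here comes from `random_bytes()`; a password is not a suitable input key, since HKDF is deliberately fast and adds no brute-force cost the way PBKDF2 does.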
