On Wed, Jan 11, 2017 at 2:24 PM, Andrey Andreev <n...@devilix.net> wrote:
> Hi all, > > There's a pending GitHub pull request of mine to include a HKDF > implementation into ext/hash. > Mostly anybody who saw it agreed that it probably doesn't require an RFC > vote, but I hadn't originally announced it here on the list either, so this > is what I'm doing now ... > > For technical details, I'd say it is best to read IETF RFC 5869, which > defines it, but here's the TL;DR version: > > - HKDF stands for "HMAC-based Key Derivation Function" > - Useful in constructing encryption schemes, most notably to derive > separate keys for encryption, authentication using only a single input key. > Unless you're doing that, you probably don't care about it. > - Unlike e.g. PBKDF2, it is supposed to be fast (as it's not a > password-based KDF), making it great for encryption/decryption on the fly > in web applications > > There's one thing that may be contentious - whether to call it hkdf() or > hash_hkdf(); > Should be definitely hash_hkdf as it's part of the hash extension (that's why hash prefix) and we might add openssl_hkdf that will use OpenSSL implementation added to 1.1 - it would also use OpenSSL implemention for underlaying hash implementation that is more powerful in some ways (e.g. ASM optimization of some main hash functions). Cheers Jakub
