Hi, On Sat, Feb 4, 2017 at 1:01 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> Did everyone understand why I propose salt as required parameter and > specify optional salt explicitly? > > I did, and I disagreed. > HKDF w/o salt is OK, but with salt, it's much stronger than w/o it. > In addition, most use case with PHP is something like as follows: > > 1. Get password hash for the user > 2. Generate new key with 1 using HKDF > 3. Use key produced by 2 for encryption/etc > > No it's not. That's the first thing *you* could think of, searching for a problem to solve with it. If you search for it on GitHub, you'll see the most common scenario is to derive a pair of keys for encryption and HMAC. (yes, there are PHP projects using it) Cheers, Andrey.
