On Sun, Feb 5, 2017 at 5:27 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> 2) Use 1) as ikm and "salt" to generate key (NOTE: One of the best places
> for salt storage is $_ENV)

BTW, a better place to keep these secret values is to set up a key management server and get the key from it. Secure the key management server and communication to it as much as possible. Those who really care about security should use a key management server.

And don't forget to use salt with HKDF; it should be optional only if salt cannot be used. Before omitting "salt" for HKDF, one should consider how it can be set.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net
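Step 2 of the quoted procedure, sketched with PHP's `hash_hkdf()` as an added example that is not part of the original message: the salt is read from the environment and a missing salt is treated as an error instead of falling back to salt-less HKDF. The variable name `HKDF_SALT`, the helper `derive_key()`, the `info` labels and the sample IKM are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: derive a purpose-bound key from input keying
// material (IKM) and a salt taken from the environment.
// Requires PHP >= 7.1.2 for hash_hkdf().
function derive_key(string $ikm, string $info, int $length = 32): string
{
    // HKDF_SALT is an assumed name; the message only says the salt
    // can be kept in the environment.
    $salt = getenv('HKDF_SALT');
    if ($salt === false || $salt === '') {
        // Fail closed: do not silently run HKDF without a salt.
        throw new RuntimeException('HKDF_SALT is not set');
    }
    // Argument order: algo, IKM, output length, info, salt.
    // The return value is raw binary of exactly $length bytes.
    return hash_hkdf('sha256', $ikm, $length, $info, $salt);
}

// Constructed sample values, standing in for the real IKM and salt.
$ikm = random_bytes(32);
putenv('HKDF_SALT=' . bin2hex(random_bytes(32)));

$encKey = derive_key($ikm, 'example:encryption');
$macKey = derive_key($ikm, 'example:mac');

// Same IKM and info under a different salt gives an unrelated key.
putenv('HKDF_SALT=' . bin2hex(random_bytes(32)));
$rotated = derive_key($ikm, 'example:encryption');

var_dump(strlen($encKey) === 32);           // bool(true)
var_dump(!hash_equals($encKey, $macKey));   // bool(true)
var_dump(!hash_equals($encKey, $rotated));  // bool(true)

// With the salt missing, derivation is refused.
putenv('HKDF_SALT');
try {
    derive_key($ikm, 'example:encryption');
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), PHP_EOL;
}
```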