On Wed, Feb 8, 2017 at 4:16 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> Hi Scott, > > There are applications that do not require salt. In this case, all users > has to do is > $salt = NULL > to omit $salt. > Great. On Wed, Feb 8, 2017 at 6:27 AM, Andrey Andreev <n...@devilix.net> wrote: > Hi, > > On Tue, Feb 7, 2017 at 10:22 PM, Scott Arciszewski <sc...@paragonie.com> > wrote: > >> >> >> Although the RFC itself says that salts are optional, the argument to >> make them required in PHP's implementation has merit. The only downside is: >> If you're integrating with an implementation that doesn't require salts, >> and the application doesn't use salts, you're out of luck. Is that enough >> of a downside to dismiss an argument for better security? Maybe. >> >> > I said this in another thread already, but I'll re-iterate here ... Using > a salt should be recommended, but the suggestion here takes that out of > context and misses a key point - that the Length and Info params are not of > any less importance overall. > > - Length is effectively the key size and is in fact not optional in > RFC5869*. You have to really know what you're doing if you don't use it, > and choose the hash function very carefully. I'd argue that if you know > this well enough, you'd also know what to do with Salt. > - Info is technically optional, but pretty much the feature why you'd > choose HKDF over other KDFs. It's what makes HKDF's more useful in that it > enables derivation of multiple OKMs from a single IKM. If you don't need > Info, chances are you don't need HKDF. > > One could use Salt for the purposes of Info, but that would be misusing > the algorithm. > Over-focusing on Section 3.1 of the specification, while at the same time > ignoring Section 3.2 - arbitrarily making OptionalParamX mandatory because > the note about it mentions the word "security". Noble, but misguided. > > I'd have no problem if ALL of the params were made non-optional - I'm all > for that, but either do that or leave it untouched. > > * RFC 5869: https://tools.ietf.org/html/rfc5869 > > Cheers, > Andrey. > Given everything discussed in this sub-thread so far, I would be in favor of making everything non-optional. Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises <https://paragonie.com/>
