Hi Andrey, On Thu, Feb 9, 2017 at 7:59 PM, Andrey Andreev <n...@devilix.net> wrote:
> >> I suppose most developers will use 'length' for shorter length. >> i.e. Weaker output keys. If it's not too short, shorter key length works. >> >> > Shows that you shouldn't be trusted with anything related to cryptography > either. > I may be no cryptographer myself, but one thing I know for sure is that > shorter than required key lengths are *never* ok, and most encryption > algorithms have a *fixed* key length. > > Also, this is the last time I reply to you on this topic. You're just > impossible to reason with. > I think I finally understand what you don't understand. Please read "Current Status" section of the draft PHP RFC. https://wiki.php.net/rfc/improve_hash_hkdf_parameter#current_status hash_hkdf() is simple hash_hmac() extension, why should not hash_hkdf() have compatible signature with hash_hmac()? Aside from it, $salt is "key" in many cases. There is no reason "key" to be the last optional parameter. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net
