Hi all, Since hash_hkdf() is in PHP 7.1.2, I start vote from today.
Current hash_hkdf() function signature does not make sense. - hash_hkdf() is simple hash_hmac() extension, yet it has totally different signature. - Return value is binary unlike other hash functions. - The signature is insecure. https://wiki.php.net/rfc/improve_hash_hkdf_parameter Current signature is overly optimized very limited crypto operation and cannot be optimal by above reasons. Fortunately, almost all users are not using current hash_hkdf(). It's only from 7.1.2 to 7.1.4 now. We should avoid yet another new inconsistent and insecure function. It would be better to be fixed ASAP, IMHO. Vote start: 2017-03-25 Vote end: 2017-04-06 UTC 23:59:59 Thank you for voting. <https://wiki.php.net/rfc/improve_hash_hkdf_parameter> -- Yasuo Ohgaki yohg...@ohgaki.net
