Hi Andrey, On Sun, Apr 23, 2017 at 7:24 AM, Andrey Andreev <n...@devilix.net> wrote:
> > You're tired? Yasuo, the reason why you're not receiving replies > unless you say "I'll commit in a few days if there are no more > comments" is because everybody is tired of talking to you. > > If you want examples, search GitHub for PHP code utilizing HKDF - you > will see that most projects use it without a salt, including > https://github.com/defuse/php-encryption - pretty much the best PHP > userspace crypto library today. And I'm only saying "most" because I > can't be bothered to go through literally all of them; I've found NONE > that do use the salt. > Wrong. I don't think the author wouldn't make such mistake, so I checked. /** * Derives authentication and encryption keys from the secret, using a slow * key derivation function if the secret is a password. * * @param string $salt * * @throws Ex\EnvironmentIsBrokenException * * @return DerivedKeys */ public function deriveKeys($salt) { if (Core::ourStrlen($salt) !== Core::SALT_BYTE_SIZE) { throw new Ex\EnvironmentIsBrokenException('Bad salt.'); } if ($this->secret_type === self::SECRET_TYPE_KEY) { $akey = Core::HKDF( Core::HASH_FUNCTION_NAME, $this->secret->getRawBytes(), Core::KEY_BYTE_SIZE, Core::AUTHENTICATION_INFO_STRING, $salt ); $ekey = Core::HKDF( Core::HASH_FUNCTION_NAME, $this->secret->getRawBytes(), Core::KEY_BYTE_SIZE, Core::ENCRYPTION_INFO_STRING, $salt ); return new DerivedKeys($akey, $ekey); } elseif ($this->secret_type === self::SECRET_TYPE_PASSWORD) { > You will also find zero projects using it for CSRF protection. > You obviously does not understand HKDF RFC at all. (And don't read my reply) It seems you consider HKDF as a specific KDF, but it is _not_. HKDF is designed as general purpose KDF. It is clearly stated in RFC 5869 4 <https://tools.ietf.org/html/rfc5869#section-4>. Applications of HKDF HKDF is intended for use in a wide variety of KDF applications. Just because you cannot think of how general purpose KDF could be used for other purposes, it does not mean it should not be used other purposes. Especially when it is designed for general purpose in the first place. The vote ended with 1 Yes (you) and 14 No; not a single person has > agreed with you so far, and most have explicitly stated strong > disagreement with your proposed changes. Yet you insist on pushing > your *personal opinion*, ignoring everybody else and acting as if ~80 > mails haven't already been exchanged. > > How is it even possible that you still believe that everybody is wrong > and you alone are right? Give it up already. Prove my idea in the manual (or my RFC) is wrong by logic, rather than FUD. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net
