Hi Scott and all,
On Thu, Feb 9, 2017 at 10:52 PM, Scott Arciszewski
wrote:
>
>
>> HKDF relies on PRK being cryptographically strong.
>>
>>
>
>
>
> Yes, but not for the reasons you might suspect.
>
> The main use case of HKDF is to completely prevent related-key attacks,
> while splitt
Results for project PHP master, build date 2017-02-08 20:28:50-08:00
commit: 4ec8066
previous commit:31332d0
revision date: 2017-02-08 01:10:54+01:00
environment:Haswell-EP
cpu:Intel(R) Xeon(R) CPU E5-2699 v3 @ 2.30GHz 2x18 cores,
stepping 2, LLC 45 MB
On Thu, Jan 19, 2017 at 6:18 AM, Ben RUBSON wrote:
> As proposed by cmb (thank you !), I open a discussion regarding req #65386 :
> https://bugs.php.net/bug.php?id=65386
>
> It summarizes requests around disable_functions directive :
> - modification of disable_functions to be a PHP_INI_SYSTEM dir
> On 19 Jan 2017, at 12:18, Ben RUBSON wrote:
>
> Hello,
>
> As proposed by cmb (thank you !), I open a discussion regarding req #65386 :
> https://bugs.php.net/bug.php?id=65386
>
> It summarizes requests around disable_functions directive :
> - modification of disable_functions to be a PHP_INI
On Thu, Feb 9, 2017 at 7:51 AM, Yasuo Ohgaki wrote:
> Hi Andrey,
>
> How the manual page would be. Would it be
>
> "Even though 'slat' is the last optional parameter that users may omit
> easily
> by mistake, users _must_ set strong salt for weak $ikm. This is
> mandatory
> requirement
Hi Andrey,
How the manual page would be. Would it be
"Even though 'slat' is the last optional parameter that users may omit
easily
by mistake, users _must_ set strong salt for weak $ikm. This is
mandatory
requirement for HKDF to work. In addition, it is advices to set salt
whenever
Hi Yasuo,
The fact that you continue to talk about passwords and other low-entropy
data as IKM shows, yet again, that you don't understand HKDF.
It is simply not a password-based KDF; if you want that - use PBKDF2.
Please read Section 4* of the spec:
https://tools.ietf.org/html/rfc5869.html#sectio
