Hi Nikita,
OK I understand you are with Andrey.
On Sun, Feb 5, 2017 at 7:21 AM, Nikita Popov wrote:
> Suggesting to drop the length parameter from HKDF... Okay, that's where I
> draw the line. I've had enough of this farce. I've configured gmail to
> blackhole your mails and recommend anyone wh
On Sat, Feb 4, 2017 at 10:37 PM, Yasuo Ohgaki wrote:
> Hi Andrey,
>
> On Sun, Feb 5, 2017 at 6:19 AM, Andrey Andreev wrote:
>
>> On Sat, Feb 4, 2017 at 10:27 PM, Yasuo Ohgaki wrote:
>>
>>> Hi Andrey,
>>>
>>> On Sun, Feb 5, 2017 at 3:21 AM, Andrey Andreev wrote:
>>>
Have *you* read anythin
Hi Andrey,
On Sun, Feb 5, 2017 at 6:19 AM, Andrey Andreev wrote:
> On Sat, Feb 4, 2017 at 10:27 PM, Yasuo Ohgaki wrote:
>
>> Hi Andrey,
>>
>> On Sun, Feb 5, 2017 at 3:21 AM, Andrey Andreev wrote:
>>
>>> Have *you* read anything else in the RFC?
>>>
>>> The reason why its authors have to recomm
Hi again,
On Sat, Feb 4, 2017 at 10:27 PM, Yasuo Ohgaki wrote:
> Hi Andrey,
>
> On Sun, Feb 5, 2017 at 3:21 AM, Andrey Andreev wrote:
>
>> Have *you* read anything else in the RFC?
>>
>> The reason why its authors have to recommend salt usage is because it is
>> *otherwise the only optional par
On Sun, Feb 5, 2017 at 5:27 AM, Yasuo Ohgaki wrote:
> 2) Use 1) as ikm and "salt" to generate key (NOTE: One of the best places
> for salt storage is $_ENV)
BTW, better place to keep these secret values is to set key management server
and get key from it. Secure the key management server and com
Hi Andrey,
On Sun, Feb 5, 2017 at 3:21 AM, Andrey Andreev wrote:
> Have *you* read anything else in the RFC?
>
> The reason why its authors have to recommend salt usage is because it is
> *otherwise the only optional part of the algorithm*.
>
Nonsense. You misread the RFC and my mail.
Who store
Hi,
On Sat, Feb 4, 2017 at 7:49 PM, Yasuo Ohgaki wrote:
>
> On Sun, Feb 5, 2017 at 1:20 AM, Tom Worster wrote:
>
>> On 3 Feb 2017, at 18:56, internals-digest-h...@lists.php.net wrote:
>>
>> HKDF w/o salt is OK, but with salt, it's much stronger than w/o it.
>>>
>>
>> That's not correct.
>>
>> T
On Sun, Feb 5, 2017 at 2:49 AM, Yasuo Ohgaki wrote:
> There is something like a weird pattern to your attempts to help PHP
>> programmers use the wrong function for the job -- HKDF for passwords,
>> uniqid and mt_rand for unpredictable randoms.
>>
>
> Do you know uniqid()'s entropy is extremely w
On Sun, Feb 5, 2017 at 1:20 AM, Tom Worster wrote:
> On 3 Feb 2017, at 18:56, internals-digest-h...@lists.php.net wrote:
>
> HKDF w/o salt is OK, but with salt, it's much stronger than w/o it.
>>
>
> That's not correct.
>
> The salt defends against certain attacks on predictable input key
> mater
On 3 Feb 2017, at 18:56, internals-digest-h...@lists.php.net wrote:
HKDF w/o salt is OK, but with salt, it's much stronger than w/o it.
That's not correct.
The salt defends against certain attacks on predictable input key
material, i.e. weak passwords. But HKDF should not normally be used fo
10 matches