Hi all,
On Sun, Mar 26, 2017 at 7:29 AM, Yasuo Ohgaki wrote:
> I suggest you to disclose the reason why against this change.
> Otherwise, you may be considered you don't understand crypto basic.
> i.e. HKDF(IKM) security depends on PRK being secure. To make PRK
> secure or more secure, "salt" pa
>
> I'll try to explain a bit more by examples.
>
Hi Yasuo,
It sounds to me like it is *possible* to currently use hash_hkdf() in a secure
manner, but that you (and some others?) feel the arg order and default args are
not conducive to safe/secure usage.
Given that the function is live in t
