> I haven't been able to find the beginning of this thread, so apologies > if I've misunderstood what this is for, but it _sounds_ like we're > re-inventing HKDF.
> I'd recommend reading the paper about HKDF. It stands out among crypto > papers for having a nice clear justification for each of its design > decisions, so you can see why they did it (very slightly) differently > than the various constructions proposed up-thread. Thanks Zooko I think HKDF instead of a single HMAC_SHA512 seams reasonable and something we should consider. I'll try to evaluate the implications of using HKDF over HMAC_SHA512 and will update the BIP if there are no concerns about it. </jonas>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
