Two words: rainbow tables. Salting makes it impossible to pre-compute rainbow tables for common inputs (e.g., passwords).
Now, this HKDF is not intended for use as a PBKDF, so the salt effectively adds no real value when the input key material is truly random/unpredictable by attackers, which it damned well ought to be. OTOH, if the IKM is weak, or if you don't know if it could be, then salting defeats rainbow tables. In other words: salting doesn't hurt, and might really help. Salting is good. Nico -- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography