> > Hi all, > > Since hash_hkdf() is in PHP 7.1.2, I start vote from today. > > Current hash_hkdf() function signature does not make sense. > > - hash_hkdf() is simple hash_hmac() extension, yet it has totally > different signature. > - Return value is binary unlike other hash functions. > - The signature is insecure. > > https://wiki.php.net/rfc/improve_hash_hkdf_parameter > > Current signature is overly optimized very limited crypto operation > and cannot be optimal by above reasons. > > Fortunately, almost all users are not using current hash_hkdf(). > It's only from 7.1.2 to 7.1.4 now. We should avoid yet another > new inconsistent and insecure function. It would be better to be > fixed ASAP, IMHO. > > Vote start: 2017-03-25 > Vote end: 2017-04-06 UTC 23:59:59 > > Thank you for voting. > <https://wiki.php.net/rfc/improve_hash_hkdf_parameter> > -- > Yasuo Ohgaki > yohg...@ohgaki.net >
Please don't forget to update https://wiki.php.net/rfc next time. Fixed that for now. Regards, Niklas
