subject:"\[PHP\-DEV\] Re\: hash_hkdf\(\) signature and return value"

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

2017-09-14 Thread Yasuo Ohgaki

On Fri, Sep 15, 2017 at 6:06 AM, Yasuo Ohgaki wrote: > On Wed, Sep 13, 2017 at 3:24 PM, Joe Watkins > wrote: > >> This proposal was rejected. >> >> 6 months has not passed since it was rejected. >> >> There will be no vote on these proposals in the

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

2017-09-14 Thread Yasuo Ohgaki

On Wed, Sep 13, 2017 at 3:24 PM, Joe Watkins wrote: > This proposal was rejected. > > 6 months has not passed since it was rejected. > > There will be no vote on these proposals in the near future. > > Please stop. > > Joe > Joe, you have great responsibility as RM for

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

2017-09-13 Thread Joe Watkins

This proposal was rejected. 6 months has not passed since it was rejected. There will be no vote on these proposals in the near future. Please stop. Joe On Tue, Sep 12, 2017 at 3:52 AM, Yasuo Ohgaki wrote: > Hi all, > > hash_hkdf() discussion was mess, but it came to

[PHP-DEV] Re: hash_hkdf() signature and return value

2017-09-11 Thread Yasuo Ohgaki

Hi all, hash_hkdf() discussion was mess, but it came to conclusion finally a while ago. Apparently, there are confused readers still. I discovered it in other thread. I would like to make it clear again what's wrong in the discussion. If you think I was wrong about HKDF, you should read this.

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

2017-09-08 Thread Yasuo Ohgaki

Hi Niklas, On Fri, Sep 8, 2017 at 7:27 PM, Yasuo Ohgaki wrote: > Hi Niklas, > > On Fri, Sep 8, 2017 at 6:38 PM, Niklas Keller wrote: > >> I finally find out what's wrong. >>> >> >> No, you didn't. You still want to use user-supplied passwords as IKM. >>

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

2017-09-08 Thread Yasuo Ohgaki

Hi Niklas, On Fri, Sep 8, 2017 at 6:38 PM, Niklas Keller wrote: > I finally find out what's wrong. >> > > No, you didn't. You still want to use user-supplied passwords as IKM. HKDF > is not suited for that purpose. > Andrey and Nikita clearly misunderstood the RFC 5869. This

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

2017-09-08 Thread Niklas Keller

> > I finally find out what's wrong. > No, you didn't. You still want to use user-supplied passwords as IKM. HKDF is not suited for that purpose. > RFC 5689 - https://tools.ietf.org/html/rfc5869#section-3.3 > > In some applications, the input key material IKM may already be > present

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

2017-09-08 Thread Yasuo Ohgaki

Hi all, I finally find out what's wrong. Andrey and Nikita, you missed RFC 5689 - https://tools.ietf.org/html/rfc5869#section-3.3 In some applications, the input key material IKM may already be present as a cryptographically strong key. In this case, one can skip the extract part and

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

2017-09-08 Thread Yasuo Ohgaki

Hi Niklas, On Fri, Sep 8, 2017 at 4:57 PM, Niklas Keller wrote: > Note for others: "The extract step in HKDF can concentrate existing >> entropy >> but cannot amplify entropy." is not came from the RFC. If a RFC states >> this I would be stunned. Please read on you'll see

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

2017-09-08 Thread Niklas Keller

> > Note for others: "The extract step in HKDF can concentrate existing > entropy > but cannot amplify entropy." is not came from the RFC. If a RFC states > this I would be stunned. Please read on you'll see the evidence. > This is ridiculous. Be stunned. It's right in the section about

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

2017-09-08 Thread Yasuo Ohgaki

Hi Andrey, On Fri, Sep 8, 2017 at 8:14 AM, Andrey Andreev wrote: > Hi, > > On Fri, Sep 8, 2017 at 12:32 AM, Yasuo Ohgaki wrote: > > > > The reason why latter is a lot more secure is related to Andrey's > > misunderstanding. > > He said "when ikm is

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

2017-09-07 Thread Andrey Andreev

Hi, On Fri, Sep 8, 2017 at 12:32 AM, Yasuo Ohgaki wrote: > > The reason why latter is a lot more secure is related to Andrey's > misunderstanding. > He said "when ikm is cryptographically strong, salt wouldn't add no more > entropy. > so salt does not matter". (not exact

[PHP-DEV] Re: hash_hkdf() signature and return value

2017-09-07 Thread Yasuo Ohgaki

Hi RMs, I suppose nobody can give example(s) that justify current API. I'll leave this issue to RMs decision, since I think this result in no conclusion. Please consider carefully if the current API should be kept or not. I wrote summary for discussion for you. Regards, Misunderstandings

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

[PHP-DEV] Re: hash_hkdf() signature and return value

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

Re: [PHP-DEV] Re: hash_hkdf() signature and return value

[PHP-DEV] Re: hash_hkdf() signature and return value

13 matches

Site Navigation

Mail list logo

Footer information