On Fri, Sep 15, 2017 at 6:06 AM, Yasuo Ohgaki wrote:
> On Wed, Sep 13, 2017 at 3:24 PM, Joe Watkins
> wrote:
>
>> This proposal was rejected.
>>
>> 6 months has not passed since it was rejected.
>>
>> There will be no vote on these proposals in the
On Wed, Sep 13, 2017 at 3:24 PM, Joe Watkins wrote:
> This proposal was rejected.
>
> 6 months has not passed since it was rejected.
>
> There will be no vote on these proposals in the near future.
>
> Please stop.
>
> Joe
>
Joe, you have great responsibility as RM for
This proposal was rejected.
6 months has not passed since it was rejected.
There will be no vote on these proposals in the near future.
Please stop.
Joe
On Tue, Sep 12, 2017 at 3:52 AM, Yasuo Ohgaki wrote:
> Hi all,
>
> hash_hkdf() discussion was mess, but it came to
Hi all,
hash_hkdf() discussion was mess, but it came to conclusion finally a while
ago.
Apparently, there are confused readers still. I discovered it in other
thread.
I would like to make it clear again what's wrong in the discussion.
If you think I was wrong about HKDF, you should read this.
Hi Niklas,
On Fri, Sep 8, 2017 at 7:27 PM, Yasuo Ohgaki wrote:
> Hi Niklas,
>
> On Fri, Sep 8, 2017 at 6:38 PM, Niklas Keller wrote:
>
>> I finally find out what's wrong.
>>>
>>
>> No, you didn't. You still want to use user-supplied passwords as IKM.
>>
Hi Niklas,
On Fri, Sep 8, 2017 at 6:38 PM, Niklas Keller wrote:
> I finally find out what's wrong.
>>
>
> No, you didn't. You still want to use user-supplied passwords as IKM. HKDF
> is not suited for that purpose.
>
Andrey and Nikita clearly misunderstood the RFC 5869.
This
>
> I finally find out what's wrong.
>
No, you didn't. You still want to use user-supplied passwords as IKM. HKDF
is not suited for that purpose.
> RFC 5689 - https://tools.ietf.org/html/rfc5869#section-3.3
>
> In some applications, the input key material IKM may already be
> present
Hi all,
I finally find out what's wrong.
Andrey and Nikita, you missed
RFC 5689 - https://tools.ietf.org/html/rfc5869#section-3.3
In some applications, the input key material IKM may already be
present as a cryptographically strong key. In this case, one can skip the
extract part and
Hi Niklas,
On Fri, Sep 8, 2017 at 4:57 PM, Niklas Keller wrote:
> Note for others: "The extract step in HKDF can concentrate existing
>> entropy
>> but cannot amplify entropy." is not came from the RFC. If a RFC states
>> this I would be stunned. Please read on you'll see
>
> Note for others: "The extract step in HKDF can concentrate existing
> entropy
> but cannot amplify entropy." is not came from the RFC. If a RFC states
> this I would be stunned. Please read on you'll see the evidence.
>
This is ridiculous. Be stunned. It's right in the section about
Hi Andrey,
On Fri, Sep 8, 2017 at 8:14 AM, Andrey Andreev wrote:
> Hi,
>
> On Fri, Sep 8, 2017 at 12:32 AM, Yasuo Ohgaki wrote:
> >
> > The reason why latter is a lot more secure is related to Andrey's
> > misunderstanding.
> > He said "when ikm is
Hi,
On Fri, Sep 8, 2017 at 12:32 AM, Yasuo Ohgaki wrote:
>
> The reason why latter is a lot more secure is related to Andrey's
> misunderstanding.
> He said "when ikm is cryptographically strong, salt wouldn't add no more
> entropy.
> so salt does not matter". (not exact
Hi RMs,
I suppose nobody can give example(s) that justify current API.
I'll leave this issue to RMs decision, since I think this result in no
conclusion.
Please consider carefully if the current API should be kept or not.
I wrote summary for discussion for you.
Regards,
Misunderstandings
13 matches
Mail list logo