rfc:improve_hash_hkdf_parameter

Differences

This shows you the differences between two versions of the page.

rfc:improve_hash_hkdf_parameter [2017/03/24 23:54] yohgaki
rfc:improve_hash_hkdf_parameter [2017/09/22 13:28] (current) – external edit 127.0.0.1
Line 2: Line 2:
   * Version: 1.0   * Version: 1.0
   * Create Date: 2017-02-05   * Create Date: 2017-02-05
-  * Discussion Start: 2017-02-13+  * Discussion Start: 2017-03-26
   * Author: Yasuo Ohgaki <yohgaki@ohgaki.net>   * Author: Yasuo Ohgaki <yohgaki@ohgaki.net>
-  * Status: Under Discussion+  * Status: Rejected
   * First Published at: http://wiki.php.net/rfc/improve_hash_hkdf_parameter   * First Published at: http://wiki.php.net/rfc/improve_hash_hkdf_parameter
  
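Review bot: The new Discussion Start value, 2017-03-26, is the same date this revision gives as "Vote start" further down, and it replaces 2017-02-13, so the header no longer records when discussion actually opened. Keep the original discussion date here and record the vote date only in the Vote section, so a reader can check how long the proposal was under discussion before voting began.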
Line 80: Line 80:
  
 Note: Only changed/added parts are described. Note: Only changed/added parts are described.
 +
 +
 +=== Short Rationale - security, parameter importance, hash_hmac() signature ===
  
 Insecure usage is easily possible with current signature. Insecure usage is easily possible with current signature.
 <code php> <code php>
-$key = hash_hkdf('sha256', $weak_key); // Generate secure $key!! <= This isn't secure at all w/o strong salt. +$key = hash_hkdf('sha256', $weak_key); // Generate insecure $key!! <= This isn't secure at all w/o strong salt. 
-$key = hash_hkdf('sha256', $weak_key, 80); // Generate even more secure $key!! <= Length does not add strength to OKM. +$key = hash_hkdf('sha256', $weak_key, 80); // Generate even more insecure $key!! <= Length does not add strength to OKM. 
-$key = hash_hkdf('sha256', $weak_key, 80, 'Admin'); // Generate even more secure $key only usable in 'Admin' context!! <= info does not add strength to OKM because it supposed to be non secret.+$key = hash_hkdf('sha256', $weak_key, 80, 'Admin'); // Generate even more insecure $key only usable in 'Admin' context!! <= info does not add strength to OKM because it supposed to be non secret.
 </code> </code>
  
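Review bot: In the three comments of the code example, changing "secure" to "insecure" keeps the sarcastic framing and makes the second and third lines misleading: "Generate even more insecure $key" suggests that requesting 80 bytes or passing 'Admin' as info weakens the output, while the trailing remarks only say that length and info add no strength. State the property directly instead, for example "OKM is no stronger than $weak_key when no strong salt is given", and correct "because it supposed to be non secret" to "because it is supposed to be non-secret". The two empty added lines before the new "Short Rationale" heading can be dropped.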
Line 662: Line 665:
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
  
-None. hash_hkdf() is new function.+It is merged into PHP 7.1.2.
  
 ===== Proposed PHP Version(s) ===== ===== Proposed PHP Version(s) =====
  
-Next PHP 7.x+Next PHP 7.x and 7.1.x
  
 ===== RFC Impact ===== ===== RFC Impact =====
  
-None.+PHP 7.1.2/7.1.3 has hash_hkdf().
  
 ===== Open Issues ===== ===== Open Issues =====
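Review bot: Under "Backward Incompatible Changes", the replacement text "It is merged into PHP 7.1.2." names a release but not the incompatibility. Say what breaks for code written against the released function, and note that "Next PHP 7.x and 7.1.x" under "Proposed PHP Version(s)" means the change would land in a patch release of a branch that already ships hash_hkdf(). The "RFC Impact" text "PHP 7.1.2/7.1.3 has hash_hkdf()." has the same gap: it lists versions rather than describing the impact on existing callers.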
Line 678: Line 681:
 ===== Unaffected PHP Functionality ===== ===== Unaffected PHP Functionality =====
  
-Nothing is affected. hash_hkdf() is new function does not affect any.+Other than hash_hkdf() signature and return value, nothing is affected.
  
 ===== Future Scope ===== ===== Future Scope =====
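Review bot: The new sentence "Other than hash_hkdf() signature and return value, nothing is affected." puts the affected items in the section meant to list what is unaffected. Move the statement about the signature and return value to "Backward Incompatible Changes" and keep this section to a plain statement that no other functionality changes.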
Line 687: Line 690:
 State whether this project requires a 2/3 State whether this project requires a 2/3
  
 +<doodle title="Fix hash_hkdf() signature and behavior" auth="yohgaki" voteType="single" closed="true">
 +   * Yes
 +   * No
 +</doodle>
  
 +Vote start: 2017-03-26
 +Vote end: 2017-04-07 UTC 23:59:59
  
 ===== Patches and Tests ===== ===== Patches and Tests =====
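Review bot: The context line above the added doodle still reads "State whether this project requires a 2/3", which is template wording and does not say which threshold applies to this vote; replace it with the actual requirement. "Vote start: 2017-03-26" carries no time or time zone while the end is given as "2017-04-07 UTC 23:59:59", so write both in the same form. The two vote lines are also adjacent with no blank line or list markup between them, so DokuWiki will render them as one run-on paragraph.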
rfc/improve_hash_hkdf_parameter.1490399672.txt.gz · Last modified: 2017/09/22 13:28 (external edit)