Re: [DRAFT] RFC - hash_pbkdf2 addition

From: Anthony Ferrara Date: Thu, 14 Jun 2012 11:08:22 +0000

Subject: Re: [DRAFT] RFC - hash_pbkdf2 addition

References: 1 2 Groups: php.internals

Request: Send a blank email to [email protected] to get a copy of this message

Simon,

> I personally would rename the 2nd parameter to $data as this function is not
> only meant for creating secure hashes from passwords.

Well, I understand your sentiment. But PBKDF stands for Password Based
Key Derivation Function. Even the spec calls that parameter password:


PBKDF2 (P, S, c, dkLen)

   Options:        PRF        underlying pseudorandom function (hLen
                              denotes the length in octets of the
                              pseudorandom function output)

   Input:          P          password, an octet string
                   S          salt, an octet string
                   c          iteration count, a positive integer
                   dkLen      intended length in octets of the derived
                              key, a positive integer, at most
                              (2^32 - 1) * hLen

   Output:         DK         derived key, a dkLen-octet string


So in this case, I feel calling the parameter "password" is justified...

Thanks,

Anthony

Thread (3 messages)

Anthony FerraraThu, 14 Jun 2012 02:00:34 +0000
Simon SchickThu, 14 Jun 2012 08:27:16 +0000
Anthony FerraraThu, 14 Jun 2012 11:08:22 +0000

« previous	php.internals (#60821)	next »

From:	Anthony Ferrara	Date:	Thu, 14 Jun 2012 11:08:22 +0000
Subject:	Re: [DRAFT] RFC - hash_pbkdf2 addition
References:	1 2	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message