On 05/27/2018 08:52 PM, sarn wrote:
On Monday, 28 May 2018 at 02:25:20 UTC, Adam Wilson wrote:
I like it. But it does require more space. We need three salts and
three lengths in the header. One for the PBKDF2 KDK, one for the MAC
key, and one for the encryption key.
HKDF-Expand doesn't need a salt. You just need one salt to make the KDK
(whether you use PBKDF2 or HKDF-Extract for that) and no extra salts for
deriving the encryption and MAC key.
Strictly speaking, it's is Optional but Strongly Recommended per RFC5869-3.1
The use case here is that this data is going into storage and that
storage is cheap. We don't have to be strict on our byte budget. :)
https://tools.ietf.org/html/rfc5869
https://www.openssl.org/docs/man1.1.0/crypto/EVP_PKEY_CTX_set_hkdf_md.html
SecureD is supposed to be "Crypto done right." So I might as well do it
right and follow the RFC.
--
Adam Wilson
IRC: LightBender
import quiet.dlang.dev;
