On Monday, 28 May 2018 at 06:22:02 UTC, Adam Wilson wrote:
On 05/27/2018 08:52 PM, sarn wrote:
On Monday, 28 May 2018 at 02:25:20 UTC, Adam Wilson wrote:
I like it. But it does require more space. We need three
salts and three lengths in the header. One for the PBKDF2
KDK, one for the MAC key, and one for the encryption key.
HKDF-Expand doesn't need a salt. You just need one salt to
make the KDK (whether you use PBKDF2 or HKDF-Extract for that)
and no extra salts for deriving the encryption and MAC key.
Strictly speaking, it's is Optional but Strongly Recommended
per RFC5869-3.1
There's HKDF-Expand and there's HKDF-Extract. HKDF-Extract takes
an optional salt and HKDF-Expand doesn't use a salt at all (take
a closer look at that RFC). That OpenSSL routine is the
combination of the two, so that's why it takes the salt.