Hi Pieter,

On Thu, Apr 13, 2017 at 5:11 PM, Pieter Hordijk <i...@pieterhordijk.com>
wrote:

> To be honest I am afraid of ending up with something like the current state
> of the session docs. Which are imo way too broad / opinionated, non English,
> contain utterly confusing examples and / or flat out wrong and broken
> examples.
> The above already resulted in a stream of docs bugs regarding session pages
> and a lot of confused readers.
>

You may consider my opinion as my personal opinion. I don't know of anyone
other than me who had that opinion then.

After our session discussion, it seems OWASP adopted most of the discussed
elements in their doc ;)

https://www.owasp.org/index.php/Session_Management_Cheat_Sheet

Regards,

P.S. My opinion is based on RFC 5869. In addition, it's total nonsense to
me to have a completely different signature for hash_hkdf().
See the difference between hash_hmac() and hash_pbkdf2(). hash_pbkdf2() is an
older KDF function. I should have mentioned it in the RFC :(

--
Yasuo Ohgaki
yohg...@ohgaki.net
