This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||
|
Untitled
editThe python example doesn't take into account some limitations over variables imposed by the RFC, such as length<=255*hash_len
, and both length
and ikm
mustn't be empty.
— Preceding unsigned comment added by Hackancuba (talk • contribs) 8 March 2017 (UTC)
The wikipedia page does not explain how HKDF works, or the steps performed within the algorithm. HappyDragon* (talk) 04:03, 18 August 2017 (UTC)
The python example also incorrectly concatenates the byte-value of "i" -- in my testing, it added the bytes for "[1]" (the ascii for the brackets plus the number in between). This should probably just be "t + info + chr(1+i)", also with bounds checking on lengths > 255 * hashlen as suggested above. (though the error resulting when it tries to generate chr(256) will provide bounds checking too. :) )) Dschuetz (talk) 18:23, 5 September 2018 (UTC)
- I don't like having code example without explaining HKDF() parameters first, in general, too. About some missing checks, you're right. However,
bytes([1])
is not"[1]"
, butb"\x01"
, unless you are using ~obsolete Python2 :) . Applying first two RFC test cases, testcases = [ ("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", 42, "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5", "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"), ("000102030405060708090a0b0c0d0e0f" "101112131415161718191a1b1c1d1e1f" "202122232425262728292a2b2c2d2e2f" "303132333435363738393a3b3c3d3e3f" "404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f" "707172737475767778797a7b7c7d7e7f" "808182838485868788898a8b8c8d8e8f" "909192939495969798999a9b9c9d9e9f" "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf" "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf" "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf" "e0e1e2e3e4e5e6e7e8e9eaebecedeeef" "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 82, "06a6b88c5853361a06104c9ceb35b45c" "ef760014904671014a193f40c15fc244", "b11e398dc80327a1c8e7f78c596a4934" "4f012eda2d4efad8a050cc4c19afa97c" "59045a99cac7827271cb41c65e590e09" "da3275600c2f09b8367793a9aca3db71" "cc30c58179ec3e87c14c01d5c1f3434f" "1d87") ] for t in testcases: ikm, salt, info, l, prk, okm = [ bytes.fromhex(x) if isinstance(x, str) else x for x in t ] k = hkdf(l, ikm, salt, info) if k == okm: print("OK") else: print("FAIL")
- it passes. —Mykhal (talk) 20:55, 13 April 2021 (UTC)
Uses
editThe Uses section states: "To "extract" (condense/blend) entropy from a larger random source to provide a more uniformly unbiased and higher entropy", however, section 4 of the RFC is very clear that this is not possible (emphasis mine): "The extract step in HKDF can concentrate existing entropy but cannot amplify entropy" — Preceding unsigned comment added by ColinA3 (talk • contribs) 20:49, 9 May 2018 (UTC)
Example code
editI hope it's not too much to ask that contributors test the example code when editing it. The previous couple of edits were blatantly wrong. Ewx (talk) 19:18, 18 February 2022 (UTC)