MediaWiki master
MWCryptHKDF.php File Reference

Extract-and-Expand Key Derivation Function (HKDF). More...

Go to the source code of this file.


class  MWCryptHKDF

Detailed Description

Extract-and-Expand Key Derivation Function (HKDF).

A cryptographically secure key expansion function based on RFC 5869.

This relies on the secrecy of $wgSecretKey (by default), or $wgHKDFSecret. By default, sha256 is used as the underlying hashing algorithm, but any other algorithm can be used. Finding the secret key from the output would require an attacker to discover the input key (the PRK) to the hmac that generated the output, and discover the particular data, hmac'ed with an evolving key (salt), to produce the PRK. Even with md5, no publicly known attacks make this currently feasible.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Chris Steipp

Definition in file MWCryptHKDF.php.