- From: Acar, Tolga <tolga.acar@intel.com>
- Date: Mon, 1 Apr 2013 16:41:52 +0000
- To: Richard Barnes <rbarnes@bbn.com>, "public-webcrypto@w3.org Group" <public-webcrypto@w3.org>
You are not misreading. There is more than one difference between -108 and RFC 5869. In addition to your observation in the innermost loop computation, there are more differences. * -108 has a combined KDF whereas RFC5869 has a two-staged extract/expand approach. * The key length in the RFC is in number of bytes, while -108 uses bits for length. - Tolga > -----Original Message----- > From: Richard Barnes [mailto:rbarnes@bbn.com] > Sent: Monday, April 01, 2013 8:18 AM > To: public-webcrypto@w3.org Group > Subject: Potential contradiction in HKDF? > > The current description of HKDF says "the algorithm described in RFC 5869 > [RFC5869] and NIST SP 800-56C [SP800-56C], using HMAC in counter mode, as > described in Section 5.1 of NIST SP 800-108 [SP800-108]." > > However, it appears that the algorithm defined in RFC 5869 is different from > the algorithm described in Section 5.1 of SP800-108. To summarize the > difference: > > RFC 5869: K(i) := PRF(K_I, K(i-1) || info || i) > SP800-108: K(i) := PRF(K_I, i || Label || 0x00 || Context || L) > > Am I mis-reading these specs, or do we need to choose one or the other? > > --Richard
Received on Monday, 1 April 2013 16:42:22 UTC