Indirectly violates RFC5869 Section 2.3

This specification creates a situation that indirectly violates [RFC5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF) Section 2.3](https://datatracker.ietf.org/doc/html/rfc5869#section-2.3).

In [Sender Key Derivation](https://github.com/discord/dave-protocol/blob/e4574a980b68df180a9e3ae504be0f04f41dd839/protocol.md#L365), the KeyRatchet is created based on a 16byte value, but when advancing the generation, a 32byte output is required to calculate the next internal state of the KeyRatchet. This violates the PRK requirements of RFC5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF) Section 2.3.

> PRK      a pseudorandom key of at least HashLen octets

It's probably not a problem security-wise in this case, but some libraries check for this requirement and it's a pure inconvenience.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Indirectly violates RFC5869 Section 2.3 #2

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Indirectly violates RFC5869 Section 2.3 #2

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions