[Esapi-user] Feedback wanted -- Proposal for addressing recommendations for ESAPI's KDF (Google Issue #198)

Kevin W. Wall
Tue Jan 18 20:31:53 EST 2011

On 01/14/2011 01:21 AM, Kevin W. Wall wrote:
> [Here's the discussion that I mentioned (threatened?) that I would
> post a few days ago. Like most of my ramblings, it is rather lengthy
> so it is best read with a double shot of espresso followed by a
> Red Bull chaser.]
> Both the NSA and Jeff Walton reviewed ESAPI 2.0's Key Derivation
> Function (KDF), CryptoHelper.computeDerivedKey().

Since no one other than Jim Manico even replied to this (and all
Jim said was that it made his head hurt ;-), I'm assuming that
all of you are semi-comatose after reading it or the caffeine
dose was not sufficient to counteract the attack of
narcolepsy that onset you while attempting to read it.

Anyway, since no one explicitly even mildly objected, I am going
ahead with my plans that I detailed in the email. If you meant to
respond and didn't, tough! That's what you get for hitting the
snooze button so many times on your alarm clock.

Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME

