From 31436a486661cd863d4c77e40facf93fbb2d9f54 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Tue, 30 May 2023 11:32:57 +0900
Subject: [PATCH] admit to the existence of nuance in HKDF (#8987)

* admit to the existence of nuance in HKDF

* Update docs/hazmat/primitives/key-derivation-functions.rst

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

---------

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
---
 docs/hazmat/primitives/key-derivation-functions.rst | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst
index ff9a5ba0ffe7..7c5c643e2218 100644
--- a/docs/hazmat/primitives/key-derivation-functions.rst
+++ b/docs/hazmat/primitives/key-derivation-functions.rst
@@ -460,7 +460,8 @@ HKDF
         to be secret, but may cause stronger security guarantees if secret; see
         :rfc:`5869` and the `HKDF paper`_ for more details. If ``None`` is
         explicitly passed a default salt of ``algorithm.digest_size // 8`` null
-        bytes will be used.
+        bytes will be used. See `understanding HKDF`_ for additional detail about
+        the salt and info parameters.
 
     :param bytes info: Application specific context information.  If ``None``
         is explicitly passed an empty byte string will be used.
@@ -1037,3 +1038,4 @@ Interface
 .. _`here`: https://stackoverflow.com/a/30308723/1170681
 .. _`recommends`: https://tools.ietf.org/html/rfc7914#section-2
 .. _`The scrypt paper`: https://www.tarsnap.com/scrypt/scrypt.pdf
+.. _`understanding HKDF`: https://soatok.blog/2021/11/17/understanding-hkdf/