
Add an optional reading involving a critical analysis of KDFs

Nadim Kobeissi 2025-06-28 23:41:05 +02:00
parent 8b48ef5fcc
commit b63f487e21
Signed by: nadim
SSH key fingerprint: SHA256:o0JJHYcP8LVBoARMU+JjVbzJxL3HxW2F+C0yu/5zPgc
2 changed files with 5 additions and 0 deletions


@ -216,6 +216,7 @@
<li><i class="icon ph-duotone ph-scroll"></i>Chris Alexander and Ian Goldberg, <a href="papers/#otr-auth"><em>Improved User Authentication in Off-The-Record Messaging</em></a>, Workshop on Privacy in the Electronic Society, 2007.</li> <li><i class="icon ph-duotone ph-scroll"></i>Chris Alexander and Ian Goldberg, <a href="papers/#otr-auth"><em>Improved User Authentication in Off-The-Record Messaging</em></a>, Workshop on Privacy in the Electronic Society, 2007.</li>
<li><i class="icon ph-duotone ph-scroll"></i>Ian Martiny, Gabriel Kaptchuk, Adam Aviv, Dan Roche and Eric Wustrow, <a href="papers/#sealed-sender"><em>Improving Signal's Sealed Sender</em></a>, Network and Distributed Systems Security Symposium, 2021.</li> <li><i class="icon ph-duotone ph-scroll"></i>Ian Martiny, Gabriel Kaptchuk, Adam Aviv, Dan Roche and Eric Wustrow, <a href="papers/#sealed-sender"><em>Improving Signal's Sealed Sender</em></a>, Network and Distributed Systems Security Symposium, 2021.</li>
<li><i class="icon ph-duotone ph-arrow-square-out"></i>Henry de Valence, <a href="https://hdevalence.ca/blog/2020-10-04-its-25519am/"><em>It's 255:19AM. Do you know what your validation criteria are?</em></a>, hdevalence.ca, 2020.</li> <li><i class="icon ph-duotone ph-arrow-square-out"></i>Henry de Valence, <a href="https://hdevalence.ca/blog/2020-10-04-its-25519am/"><em>It's 255:19AM. Do you know what your validation criteria are?</em></a>, hdevalence.ca, 2020.</li>
<li><i class="icon ph-duotone ph-scroll"></i>Matilda Backendal, Sebastian Clermont, Marc Fischlin and Felix Günther, <a href="papers/#no-salt"><em>Key Derivation Functions Without a Grain of Salt</em></a>, IACR Eurocrypt, 2025.</li>
<li><i class="icon ph-duotone ph-scroll"></i>Nadhem J. Alfardan and Kenneth G. Paterson, <a href="papers/#lucky-thirteen"><em>Lucky Thirteen: Breaking the TLS and DTLS Record Protocols</em></a>, IEEE Symposium on Security and Privacy, 2013.</li> <li><i class="icon ph-duotone ph-scroll"></i>Nadhem J. Alfardan and Kenneth G. Paterson, <a href="papers/#lucky-thirteen"><em>Lucky Thirteen: Breaking the TLS and DTLS Record Protocols</em></a>, IEEE Symposium on Security and Privacy, 2013.</li>
<li><i class="icon ph-duotone ph-scroll"></i>Whitfield Diffie and Martin E. Hellman, <a href="papers/#diffie-hellman"><em>New Directions in Cryptography</em></a>, IEEE Transactions on Information Theory, 1976.</li> <li><i class="icon ph-duotone ph-scroll"></i>Whitfield Diffie and Martin E. Hellman, <a href="papers/#diffie-hellman"><em>New Directions in Cryptography</em></a>, IEEE Transactions on Information Theory, 1976.</li>
<li><i class="icon ph-duotone ph-scroll"></i>Paul Rösler, Christian Mainka and Jörg Schwenk, <a href="papers/#group-chats"><em>More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema</em></a>, IEEE European Symposium on Security and Privacy, 2018.</li> <li><i class="icon ph-duotone ph-scroll"></i>Paul Rösler, Christian Mainka and Jörg Schwenk, <a href="papers/#group-chats"><em>More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema</em></a>, IEEE European Symposium on Security and Privacy, 2018.</li>
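Review bot: the added link targets `papers/#no-salt`, a fragment on the papers index, but the commit lists only 2 changed files, this page and website/papers/no-salt.pdf, so nothing visible here adds an element with id `no-salt` to that index. Unless the index is generated from the stored PDFs, the link will land at the top of the papers page instead of on the entry. Add the matching anchor in the same commit, or confirm that the index is built automatically.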
@ -519,6 +520,7 @@
<li><i class="icon ph-duotone ph-scroll"></i>Nikita Borisov, Ian Goldberg and Eric Brewer, <a href="papers/#otr-messaging"><em>Off-the-Record Communication, or, Why Not To Use PGP</em></a>, Workshop on Privacy in the Electronic Society, 2004.</li> <li><i class="icon ph-duotone ph-scroll"></i>Nikita Borisov, Ian Goldberg and Eric Brewer, <a href="papers/#otr-messaging"><em>Off-the-Record Communication, or, Why Not To Use PGP</em></a>, Workshop on Privacy in the Electronic Society, 2004.</li>
<li><i class="icon ph-duotone ph-scroll"></i>Hugo Krawczyk, <a href="papers/#sigma-ake"><em>SIGMA: the 'SIGn-and-MAc' Approach to Authenticated Diffie-Hellman and its Use in the IKE Protocols</em></a>, IACR Crypto, 2003.</li> <li><i class="icon ph-duotone ph-scroll"></i>Hugo Krawczyk, <a href="papers/#sigma-ake"><em>SIGMA: the 'SIGn-and-MAc' Approach to Authenticated Diffie-Hellman and its Use in the IKE Protocols</em></a>, IACR Crypto, 2003.</li>
<li><i class="icon ph-duotone ph-scroll"></i>Hugo Krawczyk, <a href="papers/#hkdf-scheme"><em>Cryptographic Extraction and Key Derivation: The HKDF Scheme</em></a>, IACR Crypto, 2010.</li> <li><i class="icon ph-duotone ph-scroll"></i>Hugo Krawczyk, <a href="papers/#hkdf-scheme"><em>Cryptographic Extraction and Key Derivation: The HKDF Scheme</em></a>, IACR Crypto, 2010.</li>
<li><i class="icon ph-duotone ph-scroll"></i>Matilda Backendal, Sebastian Clermont, Marc Fischlin and Felix Günther, <a href="papers/#no-salt"><em>Key Derivation Functions Without a Grain of Salt</em></a>, IACR Eurocrypt, 2025.</li>
<li><i class="icon ph-duotone ph-scroll"></i>Joseph Bonneau and Andrew Morrison, <a href="papers/#otr-analysis"><em>Finite-State Security Analysis of OTR Version 2</em></a>, Stanford Computer Security Laboratory, 2006.</li> <li><i class="icon ph-duotone ph-scroll"></i>Joseph Bonneau and Andrew Morrison, <a href="papers/#otr-analysis"><em>Finite-State Security Analysis of OTR Version 2</em></a>, Stanford Computer Security Laboratory, 2006.</li>
<li><i class="icon ph-duotone ph-scroll"></i>Chris Alexander and Ian Goldberg, <a href="papers/#otr-auth"><em>Improved User Authentication in Off-The-Record Messaging</em></a>, Workshop on Privacy in the Electronic Society, 2007.</li> <li><i class="icon ph-duotone ph-scroll"></i>Chris Alexander and Ian Goldberg, <a href="papers/#otr-auth"><em>Improved User Authentication in Off-The-Record Messaging</em></a>, Workshop on Privacy in the Electronic Society, 2007.</li>
<li><i class="icon ph-duotone ph-scroll"></i>Nadim Kobeissi, Karthikeyan Bhargavan and Bruno Blanchet, <a href="papers/#signal-analysis"><em>Automated Verification for Secure Messaging Protocols and their Implementations: A Symbolic and Computational Approach</em></a>, IEEE European Symposium on Security and Privacy, 2017.</li> <li><i class="icon ph-duotone ph-scroll"></i>Nadim Kobeissi, Karthikeyan Bhargavan and Bruno Blanchet, <a href="papers/#signal-analysis"><em>Automated Verification for Secure Messaging Protocols and their Implementations: A Symbolic and Computational Approach</em></a>, IEEE European Symposium on Security and Privacy, 2017.</li>
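Review bot: the commit message calls this an optional reading, but the added `<li>` after the HKDF entry uses the same markup as its neighbours, with no class or label marking it as optional. If the page separates required from optional readings by section, that is not visible in this hunk, so either mark the item or say in the commit message which list it joins. The entry is also repeated verbatim from the hunk at line 216, so any later correction to the authors or venue has to be made in both places.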

BIN
website/papers/no-salt.pdf (Stored with Git LFS) Normal file

Binary file not shown.