The HMAC construction is not necessary for key derivation, but both methods are wrong if K is large (in size and entropy) and security requirements dictate that a derived key must have more entropy than 2^(blocksize). This is a persistently misunderstood issue. Hilarie