Open bjoerntm opened 7 years ago
We can use the lowermost 1024 bits in the 2048-bit group and still get almost 512 bits of security in extraction. (This has to be checked carefully for each group and should probably be a parameter.)
If we introduce cipher suites generically, we should in particular get rid of the MINIMUM_KEY_LENGTH_IN_BYTES = 64 in the class api.keyexchage.Key, since this is to be determined by the cipher suite.
Extraction should be an explicit step; the DH key exchange can dump the full DH key, and then we use, e.g., a PostfixExtractor that only uses the lowermost bits.
We currently do ad-hoc key derivation for finite field DH.
Going forward, we should probably devise cipher suites that consist of appropriate methods for, e.g., key exchange and key derivation, so that one can simply choose a given cipher suite for a certain security level. (Basically: certain cryptographic schemes of appropriate security levels bundled together.)
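A sketch of the proposed split (cipher suite parameter instead of a fixed minimum key length, DH exchange dumping the full key, explicit postfix extraction) as an added example; this is not code from the project or from the issue author, and the names CipherSuite, DHKeyExchange, PostfixExtractor and the placeholder group are assumptions.

```python
# Added example (not the project's code): explicit extraction after finite-field
# DH, parameterised by a hypothetical CipherSuite rather than a fixed constant.
from dataclasses import dataclass
import secrets


@dataclass(frozen=True)
class CipherSuite:
    name: str
    p: int             # group modulus
    g: int             # generator
    extract_bits: int  # lowermost bits of the DH key this suite extracts

    def __post_init__(self):
        # How many bits may safely be extracted depends on the group, so the
        # suite carries the value and it is validated against the group size.
        if self.extract_bits % 8 or not 0 < self.extract_bits <= self.p.bit_length():
            raise ValueError("extract_bits must be a byte multiple within the group size")


class DHKeyExchange:
    """One party of a finite-field DH exchange; returns the full DH key."""
    def __init__(self, suite: CipherSuite):
        self.suite = suite
        self._x = secrets.randbelow(suite.p - 2) + 1   # private exponent in [1, p-2]

    def public(self) -> int:
        return pow(self.suite.g, self._x, self.suite.p)

    def full_key(self, peer_public: int) -> int:
        return pow(peer_public, self._x, self.suite.p)   # no truncation here


class PostfixExtractor:
    """Keeps only the lowermost `bits` bits of the DH key as big-endian bytes."""
    def __init__(self, bits: int):
        self.bits = bits

    def extract(self, dh_key: int) -> bytes:
        return (dh_key & ((1 << self.bits) - 1)).to_bytes(self.bits // 8, "big")


# Constructed placeholder group: 2^255 - 19 is prime but is NOT a vetted DH
# group; a real suite would reference a checked group such as the 2048-bit one.
DEMO_SUITE = CipherSuite("demo-ffdh-postfix", (1 << 255) - 19, 2, 128)


def agree(suite: CipherSuite) -> tuple[bytes, bytes]:
    """Run one exchange and return both parties' extracted keys."""
    alice, bob = DHKeyExchange(suite), DHKeyExchange(suite)
    extractor = PostfixExtractor(suite.extract_bits)
    return (extractor.extract(alice.full_key(bob.public())),
            extractor.extract(bob.full_key(alice.public())))
```

Both parties obtain the same 16-byte key from DEMO_SUITE, and a suite whose extract_bits exceeds the group size is rejected at construction.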