alex closed 6 years ago
This is a little arcane for a "good first issue"!
From my reading so far, this is what I've come up with:
For most applications the shared_key should be passed to a key derivation function
in order to produce a key with the expected number of random bits, and to destroy
mathematical structure in the shared_key which might be used by an attacker.
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/x25519/#exchange-algorithm (and the same in the ECDH and FFDH docs)
We should a) include a KDF in the example, b) use more words to describe wtf we're saying about KDFs and better motivate the why
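An X25519 exchange followed by a KDF, as an added example (not the project's documentation or code): both sides run the raw `shared_key` through HKDF-SHA256 and bind the output to the two public keys. The function names, the `info` labels and the two-keys-per-direction layout are assumptions made for illustration.

```python
# Added illustration: X25519 exchange followed by HKDF, using pyca/cryptography.
# Helper names and the info labels are hypothetical, not from the project docs.
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.x25519 import (
    X25519PrivateKey,
    X25519PublicKey,
)
from cryptography.hazmat.primitives.kdf.hkdf import HKDF


def raw_public(private_key):
    """Return the 32-byte public key that would be sent to the peer."""
    return private_key.public_key().public_bytes(
        serialization.Encoding.Raw, serialization.PublicFormat.Raw
    )


def derive_session_keys(own_private, peer_public_bytes, initiator_pub, responder_pub):
    """Run the exchange, then derive one 32-byte key per direction."""
    peer = X25519PublicKey.from_public_bytes(peer_public_bytes)
    # The raw output is a curve coordinate, not a uniformly random key, so it
    # is only ever used as HKDF input. exchange() raises ValueError if the
    # computation fails (for example an all-zero result).
    shared_key = own_private.exchange(peer)

    def expand(label):
        # HKDF objects are single use, so build one per derived key. The info
        # value separates the two directions and ties the keys to this exchange.
        return HKDF(
            algorithm=hashes.SHA256(),
            length=32,
            salt=None,
            info=label + initiator_pub + responder_pub,
        ).derive(shared_key)

    return expand(b"example initiator->responder"), expand(b"example responder->initiator")


def demo():
    """Both parties derive the same keys; returns them with the raw secret."""
    alice, bob = X25519PrivateKey.generate(), X25519PrivateKey.generate()
    a_pub, b_pub = raw_public(alice), raw_public(bob)
    alice_keys = derive_session_keys(alice, b_pub, a_pub, b_pub)
    bob_keys = derive_session_keys(bob, a_pub, a_pub, b_pub)
    raw_shared = alice.exchange(X25519PublicKey.from_public_bytes(b_pub))
    return alice_keys, bob_keys, raw_shared


if __name__ == "__main__":
    a_keys, b_keys, _ = demo()
    print("keys match:", a_keys == b_keys)
```
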