Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use a secure Key Derivation Function #5

Open
Mandragorian opened this issue Oct 5, 2016 · 0 comments
Open

Use a secure Key Derivation Function #5

Mandragorian opened this issue Oct 5, 2016 · 0 comments

Comments

@Mandragorian
Copy link
Member

Mandragorian commented Oct 5, 2016

In order to derive keys from shared secrets calculated during the DAKE and GKA we use a very simple and custom key derivation function.

While it is probably not insecure this is a bad practice and we should use a standardized KDF instead.

The best candidate is https://tools.ietf.org/html/rfc5869 since it is very simple and quite similar to what we already do.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant