Stephan Mueller <smueller@xxxxxxxxxx> wrote:

> With the new DH support for the key retention service, support for DH derived
> keys pops up.
>
> The implementation in security/keys/dh.c returns the DH shared secret straight
> to the user space caller.
>
> I implemented a KDF with that exact scenario already in mind: [1].
>
> I am wondering whether the shared secret should be processed by a KDF before
> returning the data to user space?
>
> [1] http://www.chronox.de/kdf.html

Adding Mat to the cc list.

If we want to modify the new DH keyctl, we have a very short time window in
which to do so.

David