[RFC] Use HKDF to expand group strings

[eternaleye]

Watson Ladd said on the CFRG list that if I wrote the code and the text for this, it'd go in. This initial posting probably shouldn't go in as-is, for the following reasons:

• I do not know where the text of the draft is to make those changes
• The HKDF library I used was not detected properly by setup.py after I installed it with pip; as it's a single .py file, it may be worthwhile to simply vendor it in.
  • Do note, though, that when I manually put it in $PWD to run setup.py test, the tests passed.
• There are other cases beyond the group strings, such as transcript -> key, that really ought to use HKDF in my opinion.

Also, I go a bit beyond simply switching to HKDF - the commits are probably in ascending order of controversy.

Review would be greatly appreciated.

[warner]

Thanks for the patches! I've rebased some, fixed others, and added some new work on top, in PR #6. Let me know what you think. I ended up deleting the scalar-hasher entirely, and simplified the Group constructor a bit in the process.