Safe primes are necessary for the Secure Remote Password Protocol (SRP6a), and the library we use comes with a few statically defined. Consider adding support for generating safe primes of arbitrary length.
In number theory, a prime number p is a Sophie Germain prime if 2p + 1 is also prime. The number 2p + 1 associated with a Sophie Germain prime is called a safe prime.
To further protect against precomputation, we choose our own primes rather than those recommended by the TLS specification or otherwise commonly used, as these are large targets and almost certainly have been worked on by the world’s security services. We do this by choosing a random 2048-bit integer, setting the top bit to ensure it is large, and picking the first safe prime greater than or equal which has 2 as a generator of the whole group. By using safe primes, we are not vulnerable to backdoored primes. The native (mobile) clients verify the safety of the primes before use, and we also cryptographically sign the moduli to prevent tampering.
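The search described in the quoted passage, sketched as an added example (not code from this issue, the SRP library, or Proton). All function names are hypothetical, and primality is probabilistic (Miller-Rabin), so the result is a safe prime with overwhelming probability rather than a proven one.

```python
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=40):
    """Miller-Rabin with random bases; error probability <= 4**-rounds."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def first_safe_prime_with_generator_2(start):
    """Smallest safe prime N >= start such that 2 generates all of Z_N^*."""
    # 2 is a quadratic non-residue mod N only when N = 3 or 5 (mod 8), and a
    # safe prime N = 2q + 1 with q odd is 3 (mod 4), so only N = 3 (mod 8) can work.
    n = start + (3 - start) % 8
    while True:
        q = (n - 1) // 2
        # pow(2, q, n) == n - 1 rules out order q; for N > 3 the order is then 2q.
        if is_probable_prime(q) and is_probable_prime(n) and pow(2, q, n) == n - 1:
            return n
        n += 8

def generate_modulus(bits=2048):
    """Random start with the top bit set, then search upward (slow at 2048 bits in pure Python)."""
    while True:
        start = secrets.randbits(bits) | (1 << (bits - 1))
        n = first_safe_prime_with_generator_2(start)
        if n.bit_length() == bits:  # retry in the rare case the search overflowed
            return n
```

Starting the search at 12 returns 59 rather than the smaller safe primes 23 and 47, because 2 only generates the subgroup of order q for those two.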
https://en.wikipedia.org/wiki/Safe_and_Sophie_Germain_primes
From Proton's blog discussing implementation: