[openssl-users] Lattice Ciphers
Colony.three
colony.three at protonmail.ch
Mon Dec 18 16:26:21 UTC 2017
>> Okay, FF does ECDHE not DHE/EDH. The whole industry does that, and most are using X25519 which was developed by Dan Bernstein.
>
> FF [claims it does DHE/EDH](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29), but it does not actually, in practice. It does either EC, or RSA. I've tested it. (v52) This does not look like an accident.
>
>> The Guardian article you referenced didn’t even have the word curve in it. My question – do you have a reference that shows Schneier says not to use elliptic curve – was not answered.
>
> You don't have to read the article if you don't want to.
> "Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can."
>
>> - The NSA actually provided the elliptic curves for NIST's standards. And the Snowden docs now show that those curves are related.
>>
>> No they do not show that the curves are related. And BTW, NIST just put 25519 and 448 into their recommended list.
>
> By its nature (secrecy), nothing public will prove the curves are related. But Snowden documents show that they are. And related curves have an inherent shortcut to cracking, which any well-funded haqxor or state-sponsored entity will have access to.
>
> From: noloader at gmail.com
>
>>> Later I realized that was the best warning Google and Schmidt could
>>> give. He basically told you government has infiltrated their systems,
>>> and you should avoid their systems if security and privacy matters.
>
> What great PR, that it's become almost instinctive for people to ascribe benevolance to G**gle. I believe that Schmidt was telling us his true position though.
>
> The one I am angry with is Mozilla, for not giving us a choice. Chrome is a choice?! Safari is a choice?! IE is a choice?! No. They are not.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171218/c44d3e97/attachment.html>
More information about the openssl-users
mailing list