X25519 Unlisted by -list_curves and Any Trusted Python Code for X, Y Coordinates
Hubert Kario
hkario at redhat.com
Thu Jan 2 10:21:11 UTC 2020
On Thursday, 26 December 2019 00:50:29 CET, Salz, Rich via openssl-users
wrote:
> * I want to us ECDSA for my Web server's SSL certificate
> via an ACME client to Let's Encrypt and maybe later BuyPass.
>
> That’s fine.
>
>
> * I thought that EC is better than RSA, but now I don't
> think so. The answer seems to be: it depends.
>
> There are trade-offs. The biggest one is that EC gives
> equivalent security with a much smaller keysize.
>
>
> * Safe Curves (SafeCurves:
> Introduction<https://urldefense.proofpoint.com/v2/url?u=https-3A__safecurves.cr.yp.to_&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=FZ0AXmFqGUcUdZYm5wdvA4_d71tTi9iIRfHWFcL8wRo&s=ntsSs3tKgynp0pN2J8Yxf8Cd1wrWobKgA4jQ_PLgtPY&e=>)
> says …
>
> FWIW, SafeCurves is mostly the guy behind 25519 :) This is not
> a slam against djb, who’s kinda brilliant.
>
> If you’re not sure what to do, perhaps follow what the browsers
> do. That way if something’s wrong you’ll just be going up in
> flames with the rest of the world.
>
> If you don’t trust the NSA and therefore don’t trust NIST, do
> you accept AES? What about when they approve 25519?
there's also the difference between a "is the curve a safe generic
cryptographic
primitive?" and "is the curve safe when used in X.509 and TLS?"
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
More information about the openssl-users
mailing list