[openssl-users] Lattice Ciphers

Colony.three colony.three at protonmail.ch
Mon Dec 18 06:38:51 UTC 2017 

> - I find that Firefox refuses to do any ephemeral ciphers whatsoever.  What the heck?  Why am I surprised.  Somebody paid them.
>
> I don’t know what server you are testing against, but FF does ECDHE all the time with no problems.

I should have said, "I find that Firefox refuses to do any ephemeral ciphers whatsoever, which are not elliptic curve. (referring to DHE, EDH, et al)  What the heck?  Why am I surprised.  Somebody paid them.   Firefox insists on EC."

> - If you follow Schnieder, elliptic curve is not an option.
>
> That’s interesting, you have a reference for that?

Certainly.  Below.

> - I know you guys are severely underfunded, but is there any chance that lattice encryption will be coming soon?  I've searched until my face turned blue.
>
> We will most likely follow the IETF recommendation and see what the NIST post-quantum work comes up with.  That’s my personal opinion, not necessarily that of the whole time.

In August 2015, the NSA announced that it is planning to introduce a list of approved crypto methods that would resist quantum computers.  In April 2017, NIST naturally followed suit, starting a public vetting process which will last 4 to 6 years.  Needless to say, I am hoping that there will be lattice open-source alternatives which are not based on NIST algos.  I do enterprise infosec, and if the NSA can do it, KGB probably has similar methods, not to mention Russian, Israeli, & Chinese haqxors, the Norks, corporate operations, and so on.  Any crypto weakening, whether through flaw or Intent, is the wrong thing.

G**gle's [Eric Schmidt says](https://en.wikipedia.org/wiki/Eric_Schmidt#Privacy), "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.  This is a profoundly undemocratic attitude.  What would Thomas Paine, or Ben Franklin, or Patrick Henry say to this?

> On Sun, Dec 17, 2017 at 3:58 PM, Salz, Rich via openssl-users
>
> openssl-users at openssl.org wrote:
>
>>> If you follow Schnieder, elliptic curve is not an option.
>>
>> That’s interesting, you have a reference for that?
>>
>> I'm guessing OP's referring to "Applied Cryptography, 2nd Edition".
>> There was one page on elliptical curve cryptography, and it didn't
>> give any real information on what it was, what problem it uses (the
>> discrete logarithm problem), how it's used, or how DH is adapted to
>> use it. The book was pretty much entirely against software patents,
>> and because ECC had been freshly patented it seemed to be much more
>> scary about the topic than it should have been.

No:  https://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance ... and many more Schnier articles.  He puts out a monthly newsletter.

The NSA actually provided the elliptic curves for NIST's standards.  And the Snowden docs now show that those curves are related.

(Unfortunately Schnier's own website doesn't take his advice for some reason -- he's busy)

Also Apache is not actually enforcing server-ordering of ciphers BTW, but NginX does.

PS - does OpenSSL get funding from the DoD?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171218/75e4a552/attachment.html>

More information about the openssl-users mailing list