X25519 Unlisted by -list_curves and Any Trusted Python Code for X, Y Coordinates

Hubert Kario hkario at redhat.com
Thu Jan 2 10:21:11 UTC 2020

On Thursday, 26 December 2019 00:50:29 CET, Salz, Rich via openssl-users 
>   *   I want to us ECDSA for my Web server's SSL certificate 
> via an ACME client to Let's Encrypt and maybe later BuyPass.
> That’s fine.
>   *   I thought that EC is better than RSA, but now I don't 
> think so. The answer seems to be: it depends.
> There are trade-offs.  The biggest one is that EC gives 
> equivalent security with a much smaller keysize.
>   *   Safe Curves (SafeCurves: 
> Introduction<https://urldefense.proofpoint.com/v2/url?u=https-3A__safecurves.cr.yp.to_&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=FZ0AXmFqGUcUdZYm5wdvA4_d71tTi9iIRfHWFcL8wRo&s=ntsSs3tKgynp0pN2J8Yxf8Cd1wrWobKgA4jQ_PLgtPY&e=>) 
> says …
> FWIW, SafeCurves is mostly the guy behind 25519 :) This is not 
> a slam against djb, who’s kinda brilliant.
> If you’re not sure what to do, perhaps follow what the browsers 
> do.  That way if something’s wrong you’ll just be going up in 
> flames with the rest of the world.
> If you don’t trust the NSA and therefore don’t trust NIST, do 
> you accept AES? What about when they approve 25519?

there's also the difference between a "is the curve a safe generic 
primitive?" and "is the curve safe when used in X.509 and TLS?"

Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

More information about the openssl-users mailing list