Aloha!
Nikos Mavrogiannopoulos wrote:
And about the "safe" curves listed at http://safecurves.cr.yp.to/, anything beyond curve25519 which is being deployed? M-383, Curve41417, M-511 or E-521?
There is some discussion in CFRG which will probably end up in a draft but I don't really follow up.
I would say that "some" is a bit of an understatement. There are tons of discussions going on at the moment ranging from things like naming schemes of curves but also a lot of discussions related to implementations, patents, what curves are to be considered safe and why etc.
Right now it is hard to say what the results will be, but that there will be new curves used in IETF RFCs and protocols specified by IETF is probably not a wild guess.
Getting Curve25519 into nettle is a good start though.
BTW: There is a very interesting paper out from MSR that describes a survey of EC being used in practice.
http://eprint.iacr.org/2013/734
"In this paper, we perform a review of elliptic curve cryptography (ECC), as it is used in practice today, in order to reveal unique mistakes and vulnerabilities that arise in implementations of ECC. We study four popular protocols that make use of this type of public-key cryptography: Bitcoin, secure shell (SSH), transport layer security (TLS), and the Austrian e-ID card. We are pleased to observe that about 1 in 10 systems support ECC across the TLS and SSH protocols. However, we find that despite the high stakes of money, access and resources protected by ECC, implementations suffer from vulnerabilities similar to those that plague previous cryptographic systems."
--
Kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
========================================================================
Joachim Strömbergson    Secworks AB    joachim@secworks.se
========================================================================