Hi, Sandy,
On 08/22/2017 08:22 PM, Sandy Harris wrote:
> On Tue, Aug 22, 2017 at 12:14 PM, Tudor Ambarus
> <tudor.ambarus@xxxxxxxxxxxxx> wrote:
>> Hi, Herbert,
>>
>> On 02/02/2017 03:57 PM, Herbert Xu wrote:
>>> Yes but RSA had an in-kernel user in the form of module signature
>>> verification. We don't add algorithms to the kernel without
>>> actual users. So this patch-set needs to come with an actual
>>> in-kernel user of ECDSA.
>>
>> ECDSA can be used by the kernel module signing facility too. Is there
>> any interest in using ECDSA by the kernel module signing facility?
>
> I'd say keep it simple wherever possible; adding an algorithm should
> need "is required by" not just "can be used by".
>
> Even then, there is room for questions. In particular, whether such a
> fragile algorithm should be trusted at all, let alone for signatures
> on infrastructure modules that the whole OS will trust.
> https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm#Security
ECDSA is a better alternative to RSA for digital signatures assuming
that you don't have implementation bugs.
ECDSA requires a much smaller key length in order to provide the same
security strength as RSA (see [1]):
security strength | RSA key length (bits) | ECDSA key lengths (bits)
112               | 2048                  | 224-255
128               | 3072                  | 256-383
When comparing to RSA, ECDSA promises better computational efficiency,
signature size and bandwidth (see [2]).
Cheers,
ta
[1] NIST.SP.800-57pt1r4, section 5.6.1, table 2
[2] rfc4754, rfc6979