Re: Strange crypto choices

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



A backdoored curve could be easily generated using the algorithm used
to generate the NIST curves.
https://bada55.cr.yp.to/vr.html

The algorithm that generates a backdoored curve is very simple:
Suppose the NSA (the author of the curves) knows a way to solve ECDLP
in polynominal time for some rare (one in 2^32) curves. In this case,
they simply keep generating the curves until they will find one that
is weak to their algorithm for solving ECDLP. The computations
required only take two days on a cluster of 41 GTX 780 GPUs, and was
feasible to do with a cluster of specialized hardware in 1999, when
the curves were generated.

Neither RSA nor Curve25519 are vulnerable to similar attacks.

On Mon, May 28, 2018 at 1:36 AM, Damien Miller <djm@xxxxxxxxxxx> wrote:
> On Mon, 28 May 2018, Yegor Ievlev wrote:
>
>> Can we prefer RSA to ECDSA? For example:
>> HostKeyAlgorithms
>> ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
>
> not without a good reason
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux