Re: Questions about secure curves

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Oct 15, 2019, at 1:02 PM, Mark Hack <markhack@xxxxxxxxxxxx> wrote:

I believe that Firefox does still support P-521 but Chrome does not.
Also be aware that if you set server side cipher selection and use
default curves, that OpenSSL orders the curves weakest to strongest (
even with @STRENGTH) so you will end up forcing P-256.

The choice is optimized for reasonable security, performance and
interoperability.  There's little reason at present to prefer the
521-bit or 384-bit NIST curves.  If any of them are weak against
a secret new cryptanalytic attack, they possibly all are.  Barring
secret advances at NSA (or similar), all the curves are well ou
of reach of known realizable attacks (we don't have any scalable
quantum computers at present), so you may as well use one with
decent performance.

Similarly, IIRC Chrome prefers AES128 or AES256, ...

--
Viktor.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux