funsec mailing list archives

Re: elliptic-curve cryptography, are we ready?


From: coderman <coderman () gmail com>
Date: Wed, 15 Aug 2007 09:41:30 -0700

On 8/15/07, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
> On Wed, 15 Aug 2007 08:29:05 EDT, Marc Evans said:
> > That said, I am not finding much in the area of public implementations

openssl 0.9.9 (devel) supports the ECC cipher suites.


> Well, the MD5 hash is well into "stick a fork in it, it's done" status, and
> people should be migrating to SHA-n based code.

SHA2 please :)  [sha1 has been broken down to 2^69 or less, instead of
the desired 2^80 collision resistance...]

as for MD5, well, i thought the tunneling collision trick would
finally kill it, yet it lingers on!


> The biggest problem with
> RSA is that we'll probably have to move from 1K-bit keys to 2K-bit keys
> sometime in the next decade.

uh, we're there already.  the latest GNFS break of a large 1017 bit
"special" prime earlier this year drove a stake through the heart of
1K keys.  people have been suggesting 2k keys for a while now. :)
[the paranoid have been using 4k keys for years]


> Elliptic curves are an interesting replacement mostly in some niches, most
> notably for smart cards or other places where power and/or computrons are a
> scarce resource.  On laptops and higher, it doesn't buy you any additional
> security...
>
> Phrased differently: The smart card can't handle RSA with 2048 bit keys, but
> *can* do an ECC with 256 bit keys, so we'll do it that way across the board.

i'd argue this is useful across all niches, since scaling key strength
for ECC is much more workable than RSA/DSA/Elg/etc.  consider a 512
bit ecc vs. 16-32k RSA.

best regards,
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
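
The key-size scaling argument in the message above can be put into rough numbers. The following is an added example, not part of the original post: it assumes the heuristic GNFS running time with the o(1) term dropped for RSA and a generic square-root attack (half the curve size) for ECC, and the function names are illustrative.

```python
import math

def gnfs_bits(modulus_bits):
    """log2 of the heuristic GNFS cost L_N[1/3, (64/9)^(1/3)].

    Assumption: the o(1) term is dropped, so this is an estimate only.
    """
    ln_n = modulus_bits * math.log(2)
    work = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work / math.log(2)

def ecc_bits(curve_bits):
    """Generic discrete-log attacks cost about 2^(n/2) group operations."""
    return curve_bits / 2

def rsa_bits_matching(target_bits, step=256):
    """Smallest modulus size (multiple of `step`) whose GNFS estimate
    reaches `target_bits` of work."""
    n = 512
    while gnfs_bits(n) < target_bits:
        n += step
    return n

def comparison(curve_sizes=(160, 224, 256, 384, 512)):
    """Rows of (curve bits, estimated strength, matching RSA modulus bits)."""
    rows = []
    for c in curve_sizes:
        strength = ecc_bits(c)
        rows.append((c, strength, rsa_bits_matching(strength)))
    return rows

if __name__ == "__main__":
    print(f"{'ECC bits':>8} {'strength':>8} {'RSA bits':>8} {'ratio':>6}")
    for curve, strength, rsa in comparison():
        print(f"{curve:>8} {strength:>8.0f} {rsa:>8} {rsa / curve:>6.1f}")
```

The ratio column grows with the target strength because the GNFS cost is sub-exponential in the modulus size while the generic ECC attack is fully exponential in the curve size.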