[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] How bad is not having 'enable-ec_nistp_64_gcc_128' really? (OpenBSD)

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] How bad is not having 'enable-ec_nistp_64_gcc_128' really? (OpenBSD)
From: Tom Ritter <tom@xxxxxxxxx>
Date: Tue, 23 Jun 2015 00:35:53 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 23 Jun 2015 01:36:27 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=VpVoz31ymLLpA3bcWWL/I5pLhv7hHPmkIONMIBY8eYk=; b=2EHKibRLyyJUcD8/Wh+jInKqNhaF928o5Z2/TTmOmLaoE/o81w2w+FgFXv+qrgzyLl xVTlQFrfkc/K4EDmsi79FCaOQBo/EyLOX6VStA7YPN1d2J0BaIum3TzcCvwloa831aJn X09eomropCp/NWARxIkSZlnMUvVl2t51JhmmU=
In-reply-to: <20150622195559.EF74CE15B6@xxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <55883983.9040409@xxxxxxxxxxxxxxx> <20150622195559.EF74CE15B6@xxxxxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On 22 June 2015 at 14:55, l.m <ter.one.leeboi@xxxxxxxx> wrote:
> Hi,
>
> Last I heard NIST groups are rubbish. You're better off without them for
> security. Am I wrong?

With regards to security, no one[0] who generates curves or implements
ECC (as evidenced by the recent CFRG discussions or ECC Conference)
seriously believes the NIST curves are backdoored.

They do believe the NIST cruves lack security properties other curves
have, are less performant than other curves, and have a sufficiently
ambiguous origin to not be desirable. But the last one, the distrust
of the curves, and desire for new ones (meaning desire based solely on
that point) comes more from national agencies who want to mandate
national curves - the Chinese and Russians being good examples.

-tom

[0] +/- a tiny epsilon I'm sure
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] How bad is not having 'enable-ec_nistp_64_gcc_128' really? (OpenBSD)
  - From: nusenu
- Re: [tor-dev] How bad is not having 'enable-ec_nistp_64_gcc_128' really? (OpenBSD)
  - From: l.m

Prev by Author: Re: [tor-dev] T Shits for Relay Operators
Next by Author: Re: [tor-dev] Researching Tor: Quantifying anonymity against a global passive adversary
Previous by thread: Re: [tor-dev] How bad is not having 'enable-ec_nistp_64_gcc_128' really? (OpenBSD)
Next by thread: [tor-dev] small patch to allow gcc -fno-common for better ASAN coverage
Index(es):
- Author
- Thread