[Ach] Applied Crypto Hardening

Christoph Mueller christoph.mueller at gmx.at
Wed Dec 11 20:26:04 CET 2013


My name is Christoph Müller. I work for Coretec (although I spend my 
whole time consulting to another company). I also participated in a 
project involving ECC a few years ago.

Christian asked me to take a look at the document. I have some comments 
about it and want to tell them to you:

- In chap. 6 you mentioned: "The security of the RSA and Diffie-Hellman 
algorithms is based on the assumption that factoring
large primes is infeasible. Likewise the security of ECC is based on the 
discrete logarithm problem"

RSA is based on factoring, DH is based on the discrete logarithm problem. 
Therefore DH can be transformed into an ECC version (ECDH), as can, for 
example, DSA into ECDSA. RSA cannot be transformed in that way (there is 
no ECRSA, as a former TU assistant who was concerned with 
cryptography told me long ago). In 
it is mentioned that such a thing can exist, but then an ECC over a 
GF(p*q) has to exist, which AFAIK is not possible.

- In chap. 10.5.1, in the enumeration of crypto algorithms for key 
exchange, ECDSA is mentioned, which cannot be used for key exchange 
alone. You can just combine it with ECDH, but as a separate part.

- In chap. 10.5.2 and .3 FORTEZZA is mentioned which is more a product 
than an algorithm (see http://en.wikipedia.org/wiki/Fortezza). And it 
smells bad because of the NSA. I would not mention it.

That's everything from me so far.

best regards
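
Added example, not part of the original message: the same Diffie-Hellman exchange run once over the multiplicative group modulo a prime and once over an elliptic-curve group, illustrating the DH to ECDH point made above. The toy parameters (p = 23, g = 5; the curve y^2 = x^3 + 2x + 2 over F_17 with base point (5, 1) of order 19) and all function names are illustrative assumptions, not values from the reviewed document.

```python
# Toy parameters only: far too small for real use (constructed for illustration).
FF_P, FF_G = 23, 5                 # finite-field DH: group Z_p^*, generator g
EC_P, EC_A = 17, 2                 # curve y^2 = x^3 + 2x + 2 over F_17
EC_G, EC_N = (5, 1), 19            # base point and its (prime) order

def ff_pow(base, k):
    """'Exponentiation' in Z_p^*: base^k mod p."""
    return pow(base, k, FF_P)

def ec_add(p1, p2):
    """Point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % EC_P == 0:
        return None                # P + (-P) = infinity
    if p1 == p2:                   # tangent slope for doubling
        lam = (3 * x1 * x1 + EC_A) * pow(2 * y1, -1, EC_P) % EC_P
    else:                          # chord slope for distinct points
        lam = (y2 - y1) * pow(x2 - x1, -1, EC_P) % EC_P
    x3 = (lam * lam - x1 - x2) % EC_P
    return (x3, (lam * (x1 - x3) - y1) % EC_P)

def ec_mul(point, k):
    """'Exponentiation' in the curve group: k * point via double-and-add."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result

def dh_exchange(group_pow, base, a, b):
    """Generic DH: only the group operation differs between DH and ECDH."""
    pub_a, pub_b = group_pow(base, a), group_pow(base, b)
    # Each side combines its own secret with the peer's public value.
    return pub_a, pub_b, group_pow(pub_b, a), group_pow(pub_a, b)

if __name__ == "__main__":
    import secrets
    a, b = 1 + secrets.randbelow(EC_N - 1), 1 + secrets.randbelow(EC_N - 1)
    print("DH  :", dh_exchange(ff_pow, FF_G, a, b))
    print("ECDH:", dh_exchange(ec_mul, EC_G, a, b))
```

Both runs go through the same `dh_exchange` code path; RSA has no counterpart here because it relies on arithmetic modulo a composite with secret factors rather than on exponentiation in a public group.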
