[Ach] Applied Crypto Hardening

Berg San bs at cyontris.eu
Wed Dec 11 23:02:34 CET 2013


On 12/11/2013 08:26 PM, Christoph Mueller wrote:
> Hello!

Hi,
[...]
> - In chap. 6 you mentioned: "The security of the RSA and Diffie-Hellman
> algorithms is based on the assumption that factoring
> large primes is infeasible. Likewise the security of ECC is based on the
> discrete logarithm problem"
>
> RSA is based on factoring, DH is based on the discrete logarithm problem.
> Therefore DH can be transformed into an ECC version (ECDH), as can, for
> example, DSA into ECDSA. RSA cannot be transformed in that way (there is
> no ECRSA, as some former TU assistant who was concerned with
> cryptography told me long ago). In
> http://www.emc.com/emc-plus/rsa-labs/historical/overview-elliptic-curve-cryptosystems.htm
> it is mentioned that such a thing can exist, but then an ECC over a
> GF(p*q) has to exist, which AFAIK is not possible.

suggestion:
The security of the RSA algorithm is based on the assumption that
factoring large primes is infeasible. Likewise the security of ECC, DH
and DSA is based on the discrete logarithm problem.

> - In chap. 10.5.1, in the enumeration of crypto algorithms for key
> exchange, ECDSA is mentioned, which cannot be used for key exchange
> alone. You can only combine it with ECDH, but as a separate part.

suggestion:
s/ECDSA/ECDH-ECDSA/

In the table below there is also DSA mentioned.

> - In chap. 10.5.2 and .3 FORTEZZA is mentioned which is more a product
> than an algorithm (see http://en.wikipedia.org/wiki/Fortezza). And it
> smells bad because of the NSA. I would not mention it.

ack, and it is not implemented in openssl.

> That's so far everything for me.

thx for the review.

> best regards
> Christoph

Cheers
Berg



