[Ach] Shouldn't ECDHE be preferred over EDH and EECDH?

Andreas Mirbach a.mirbach at me.com
Tue Apr 22 09:18:25 CEST 2014


Hi Martin,

As far as I know, every DHE offers forward secrecy. ECDHE means that it uses elliptic curves. I think the reason why BetterCrypto does not recommend it is that most implementations use the NIST curve, which probably has an NSA backdoor. Most crypto scientists recommend Curve25519, which is very rarely implemented. If Curve25519 becomes more widespread, they will recommend ECDHE, because it's much faster than DHE.

Andreas Mirbach

Sent from my iPad

> On 22.04.2014, at 02:40, Martin J <rc6encrypted at gmail.com> wrote:
> 
> Hi,
> 
> In many places throughout the text, EDH and EECDH are used (e.g. Apache), and in the OpenVPN section it is explicitly written that ECDHE has been excluded. ECDHE offers forward secrecy, which prevents captured packages from being decrypted later on, even when having the private key.
> 
> According to this talk by Nadia Heninger, djb and Tanja Lange given at 30C3 last year, those not ending with 'E' have other problems, and should be avoided. Please see and the next 5 minutes.
> 
> http://youtu.be/HJB1mYEZPPA?t=20m50s
> 
> Why is ECDHE not preferred in the text?
> 
> Best regards,
> Martin
> 
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
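An added example, not part of the thread or of the BetterCrypto text: in OpenSSL cipher strings, EDH and EECDH are spellings of DHE and ECDHE, so the practical check is which key exchange each expanded suite name carries. The sketch below classifies OpenSSL-style TLS 1.2-and-earlier suite names by their leading token; the sample list is constructed, and the function names are hypothetical.

```python
import re

# Leading token of an OpenSSL suite name -> (key exchange, forward secrecy).
KX_PREFIX = {
    "ECDHE": ("ECDHE", True),
    "DHE": ("DHE", True),
    "EDH": ("DHE", True),                # older OpenSSL spelling of DHE
    "AECDH": ("anonymous ECDHE", True),  # ephemeral, but no server authentication
    "ADH": ("anonymous DHE", True),      # ephemeral, but no server authentication
    "ECDH": ("static ECDH", False),      # no trailing E: fixed key in the certificate
    "DH": ("static DH", False),
    "PSK": ("PSK", False),
    "RSA": ("RSA", False),               # e.g. RSA-PSK-AES128-CBC-SHA
}
# A name that starts with the bulk cipher has no prefix: RSA key transport.
BULK_FIRST = re.compile(r"(?:(?:AES|CAMELLIA|ARIA)(?:128|256)|DES|RC4|SEED|IDEA|NULL)")


def key_exchange(suite):
    """Return (label, forward_secret), or (None, None) if the name is not recognised."""
    first = suite.split("-", 1)[0]
    if first in KX_PREFIX:
        return KX_PREFIX[first]
    if BULK_FIRST.fullmatch(first):
        return ("RSA", False)
    return (None, None)


def without_forward_secrecy(suites):
    """Suites whose key exchange is known and not ephemeral."""
    return [s for s in suites if key_exchange(s)[1] is False]


def unrecognised(suites):
    """Suites this table cannot classify; review these by hand."""
    return [s for s in suites if key_exchange(s)[0] is None]


# Constructed sample, in the form printed by `openssl ciphers`.
SAMPLE = [
    "ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-SHA", "EDH-RSA-DES-CBC3-SHA",
    "ECDH-RSA-AES128-SHA", "DH-RSA-AES128-SHA", "AES128-SHA", "DES-CBC3-SHA",
    "ADH-AES128-SHA", "SRP-AES-128-CBC-SHA",
]

if __name__ == "__main__":
    for name in SAMPLE:
        print(f"{name:32} {key_exchange(name)}")
```
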