[Ach] Shouldn't ECDHE be preferred over EDH and EECDH?

Aaron Zauner azet at azet.org
Tue Apr 22 10:42:29 CEST 2014


Hi Martin,

On 04/22/2014 02:40 AM, Martin J wrote:
> Hi,
>
> In many places throughout the text EDH and EECDH are used (e.g.
> Apache), and in the OpenVPN section it is explicitly written that
> ECDHE has been excluded. ECDHE offers forward secrecy, which
> prevents captured packets from being decrypted later on, even when
> having the private key.
>
> According to this talk by Nadia Heninger, djb and Tanja Lange given at
> 30C3 last year, those not ending with 'E' have other problems and should
> be avoided. Please see this and the next 5 minutes.
>
> http://youtu.be/HJB1mYEZPPA?t=20m50s
>
> Why is ECDHE not the preferred one in the text?
I was at that talk :)

ECDHE = Elliptic Curve Diffie-Hellman Ephemeral
EECDH = Ephemeral Elliptic Curve Diffie-Hellman
Those only differ in nomenclature but are in fact the same key exchange
protocol (with [perfect] forward secrecy). This confusion results from
OpenSSL having chosen different names for these protocols; they are
standardized by IANA. Newer OpenSSL versions will, however, use the IANA
names.

DHE   = (non-EC) Diffie-Hellman Ephemeral
Has forward secrecy as well.

Thanks,
Aaron
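To make the naming point checkable, here is an added example (not code from the Ach document or from OpenSSL) that parses the output of `openssl ciphers -v`, where ECDHE/EECDH suites are printed as Kx=ECDH and DHE/EDH suites as Kx=DH, and flags every suite whose key exchange is not ephemeral; the sample lines are constructed in the OpenSSL 1.0.x output format.

```python
import re
from dataclasses import dataclass

# Constructed sample of `openssl ciphers -v` output (OpenSSL 1.0.x format).
SAMPLE_OPENSSL_CIPHERS_V = """\
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
ECDH-RSA-AES128-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA1
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
"""

LINE_RE = re.compile(r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)")

# Kx values OpenSSL prints for ephemeral exchanges. "ECDH/RSA" and
# "ECDH/ECDSA" denote static ECDH (the certificate carries the ECDH key)
# and do not qualify; neither does plain RSA key transport.
EPHEMERAL_KX = {"ECDH": "ECDHE/EECDH (IANA: TLS_ECDHE_*)", "DH": "DHE/EDH (IANA: TLS_DHE_*)"}

@dataclass
class Suite:
    name: str
    protocol: str
    kx: str
    au: str

    @property
    def forward_secrecy(self) -> bool:
        return self.kx in EPHEMERAL_KX

def parse_ciphers_v(text):
    """Parse `openssl ciphers -v` lines; unrecognised lines are skipped."""
    suites = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            suites.append(Suite(m["name"], m["proto"], m["kx"], m["au"]))
    return suites

def non_forward_secret(text):
    """Names of suites in the listing that lack an ephemeral key exchange."""
    return [s.name for s in parse_ciphers_v(text) if not s.forward_secrecy]

if __name__ == "__main__":
    for s in parse_ciphers_v(SAMPLE_OPENSSL_CIPHERS_V):
        print(f"{s.name:32} Kx={s.kx:10} {EPHEMERAL_KX.get(s.kx, 'NO forward secrecy')}")
```

Pipe the real output of `openssl ciphers -v '<your cipher string>'` into `parse_ciphers_v` to audit a configured list; whatever alias spelling the config uses, only suites printed with Kx=ECDH or Kx=DH are ephemeral.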
