[Ach] Improving Applied Crypto Hardening Draft

Manuel Kraus ach at lsd.is
Fri Jan 10 14:32:24 CET 2014

Am Fri, 10 Jan 2014 11:22:26 +0100
schrieb Axel Hübl <axel.huebl at web.de>:

> Hash: SHA512
> Hi,
> On 10.01.2014 09:42, Manuel Kraus wrote:
> > a) Page 55
> > 
> > Key Exchange Table
> > 
> > - What is EECDH? Maybe you mean ECDHE instead?
> They are synonyms.
> One should state that since the theory section always talks about
> "ECDHE" but the actual cypher is EECDH.
> One first attemp to improve for the Apache config that was done in #33
>   https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/33
> but that problem occurs on other sections, too.
> Cheers
> Axel

Thanks for the clarification!

Well, the naming scheme seems to be quite inconsistent anyways. DHE vs. EDH, for example, meaning the same.

But I'd like to recommend to strictly use the common crypto stack given acronyms, instead of putting new ones in. Since this draft ist targeted at system administrators, other naming variants are useless confusing (it has confused me already). For me it is the openssl package, which rules, so I would vote for "ECDHE" in this case. Well, unless it isn't named something else in other valid crypto stacks... or the guys around openssl change it. :-P


Linux® System Dienste

More information about the Ach mailing list