[Ach] Improving Applied Crypto Hardening Draft

Axel Hübl axel.huebl at web.de
Fri Jan 10 14:53:39 CET 2014


Agreed,

actually, OpenSSL should by now have implemented both namings for elliptic
curves as synonyms.
  https://www.mail-archive.com/openssl-dev@openssl.org/msg33405.html

So maybe we can also change the cypher string to ECDHE (not tested
yet) and would stay consistent with the theory part/usual namings.

Best,
Axel

On 10.01.2014 14:32, Manuel Kraus wrote:
> On Fri, 10 Jan 2014 11:22:26 +0100, Axel Hübl
> <axel.huebl at web.de> wrote:
> 
>> Hi, On 10.01.2014 09:42, Manuel Kraus wrote:
>> 
>>> a) Page 55
>>> 
>>> Key Exchange Table
>>> 
>>> - What is EECDH? Maybe you mean ECDHE instead?
>> 
>> They are synonyms. One should state that since the theory section
>> always talks about "ECDHE" but the actual cypher is EECDH.
>> 
>> One first attempt to improve this for the Apache config was done
>> in #33
>> https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/33
>> 
>> but that problem occurs on other sections, too.
>> 
>> Cheers Axel
> 
> Thanks for the clarification!
> 
> Well, the naming scheme seems to be quite inconsistent anyways. DHE
> vs. EDH, for example, meaning the same.
> 
> But I'd like to recommend to strictly use the common crypto stack
> given acronyms, instead of putting new ones in. Since this draft
> is targeted at system administrators, other naming variants are
> uselessly confusing (it has confused me already). For me it is the
> openssl package, which rules, so I would vote for "ECDHE" in this
> case. Well, unless it isn't named something else in other valid
> crypto stacks... or the guys around openssl change it. :-P
> 
> Manuel
> 
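The alias question raised in this thread (EECDH vs. ECDHE, EDH vs. DHE) can be checked against a local OpenSSL build before a cipher string is renamed in a configuration. The following is an added example, not part of the original messages or of the BetterCrypto draft; it uses Python's `ssl` module, and the helper names `expand` and `compare_aliases` are hypothetical.

```python
import ssl

# Alias pairs discussed in the thread: (name used in the cipher string,
# name used in the theory part / common usage).
ALIAS_PAIRS = [("EECDH", "ECDHE"), ("EDH", "DHE")]


def expand(cipher_string):
    """Return the ordered suite names the linked OpenSSL selects for
    cipher_string, or None if this build rejects the string (for example
    an unknown alias, or no suite left after policy filtering)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return None
    return [c["name"] for c in ctx.get_ciphers()]


def compare_aliases(pairs=ALIAS_PAIRS):
    """Map each pair to True (identical expansion, same order),
    False (expansions differ) or None (a name was not accepted)."""
    result = {}
    for old, new in pairs:
        a, b = expand(old), expand(new)
        result[(old, new)] = None if a is None or b is None else a == b
    return result


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    labels = {True: "identical", False: "DIFFERENT",
              None: "not accepted by this build"}
    for (old, new), same in compare_aliases().items():
        print(f"{old} vs {new}: {labels[same]}")
```

A result of `None` for a pair means the rename cannot be made safely on that build, since one of the two names is not accepted there.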
