[Ach] favor DHE over ECDHE? (was: preference of curves in ECC - ECDSA, ECDH)
torsten.gigler at owasp.org
Mon Mar 10 10:21:15 CET 2014
Probably you discussed this already, but I did not find it in the list:
What do you think about generally favoring DHE ciphers over ECDHE, as long as it is not clear which EC curves are safely available in clients and servers?
I tried to prioritize them also according to BSI TR-02102-2:
I am thinking about suggesting this in our OWASP project 'Top 10 fuer Entwickler' (OWASP: Top 10 fuer Entwickler-2013, Verteidigungs-Option 2a gegen 'Verlust der Vertraulichkeit sensibler Daten' [Defence option 2a against 'loss of confidentiality of sensitive data']).
Any pros or cons?
2014-03-09 20:37 GMT+01:00 Aaron Zauner <azet at azet.org>:
> Pepi Zawodsky wrote:
> > Actually secp256r1 and secp384r1 are supported in all clients that do
> Those are the mentioned NIST curves :)
> > So if we can really specify a list of ECC curves via OpenSSL that would
> > open a whole bunch of curves we can support server side. We'll need to test
> > this of course.
> The problem I see is with verifying the security of those curves. We do
> not have proper research to base any recommendation on. The SafeCurves
> stuff by Bernstein is nice, but we cannot only refer to one publication.
> Also he considers some of the curves to be "unsafe" although some of the
> mentioned issues might not have any practical relevance to the security
> of the mentioned curve when implemented.
> Dan Boneh (Stanford) also recently voiced concern about the NIST curves
> at RSA conference [sic!].
> Ach mailing list
> Ach at lists.cert.at
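As an added illustration of the ordering proposed in this mail (not code from the thread or from the OWASP project), the following script ranks OpenSSL-style cipher suite names so that DHE suites come before ECDHE ones, AEAD suites before CBC ones, and suites without forward secrecy or with known-weak ciphers are dropped; the suite list is constructed for the example, and the script does not verify the server's DH parameter size, which the BSI TR-02102-2 requirements still govern.

```python
"""Rank TLS cipher suites: DHE before ECDHE, as proposed on the list.
Suite names follow OpenSSL's naming; the input list is constructed here."""
import re

# Constructed sample of what `openssl ciphers` might list on a TLS 1.2 server.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES256-GCM-SHA384",
    "AES256-GCM-SHA384",          # static RSA key exchange: no forward secrecy
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-SHA",         # CBC mode, ranks after the GCM suites
    "ECDHE-ECDSA-AES128-SHA256",
    "RC4-SHA",                    # weak cipher, dropped outright
]

def key_exchange(suite):
    """Classify the key exchange from the OpenSSL suite name."""
    if suite.startswith("ECDHE-"):
        return "ECDHE"
    if suite.startswith(("DHE-", "EDH-")):
        return "DHE"
    return "static"  # RSA key transport or other non-forward-secret exchange

def cipher_bits(suite):
    """Symmetric key length as advertised in the name (0 if not recognised)."""
    if "CHACHA20" in suite:
        return 256
    m = re.search(r"(?:AES|CAMELLIA)(\d{3})", suite)
    return int(m.group(1)) if m else 0

def rank(suite):
    """Sort key: DHE first, then ECDHE, then static; AEAD before CBC; longer keys first."""
    kx_order = {"DHE": 0, "ECDHE": 1, "static": 2}
    aead = 0 if ("GCM" in suite or "CHACHA20" in suite) else 1
    return (kx_order[key_exchange(suite)], aead, -cipher_bits(suite), suite)

def prefer_dhe(suites, drop_non_fs=True):
    """Return the suites in preference order, dropping weak and (optionally) non-FS suites."""
    kept = [s for s in suites if not (drop_non_fs and key_exchange(s) == "static")]
    kept = [s for s in kept if not any(w in s for w in ("RC4", "DES", "NULL", "EXP"))]
    return sorted(kept, key=rank)

def cipher_string(suites):
    """Colon-separated string in the form OpenSSL's cipher list option expects."""
    return ":".join(prefer_dhe(suites))

if __name__ == "__main__":
    print(cipher_string(SAMPLE_SUITES))
```

Whether DHE should really outrank ECDHE in a given deployment also depends on the DH group the server uses and on the CPU cost of finite-field DH, neither of which the ranking above considers.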