Re: [gentoo-user] Heartbleed fix - question re: replacing self-signed certs with real ones

[Mick <michaelkintzios@gmail.com>]

[-- Attachment #1: Type: Text/Plain, Size: 1427 bytes --]

On Saturday 19 Apr 2014 14:17:56 Joe User wrote:
> 3.) Even the people behind http://safecurves.cr.yp.to have no proof
>     that secp[256|384|521]r1 are unsecure, they just don't trust the
>     NIST. So that list is mostly useless and possibly untrue.

I am not knowledgeable enough in cryptanalysis or mathematics, to defend or 
dispute Tanja Lange and Dan Bernstein's analysis, but their safecurves 
evaluation criteria[1] appear logical to me and in any case better than the 
undeclared reasons that NIST/NSA have chosen particular seed values to arrive 
at the secpXXX series while rejected others.

The issue of safe curves to use with TLS has also troubled the IETF TLS 
Working Group members and they raise similar issues [2], while they try to 
strike some working compromise for real world implementations - they admit 
though that these recommendations are very much a temporary state until more 
secure curves/algos show up.

I came across a draft guide on Crypto Hardening for sysadmins in the post-
Snowden era, produced by the bettercrypto.org and thought of sharing with the 
list.  I hope it is useful for people here who look after webservers and 
applications.


  [1] http://safecurves.cr.yp.to/rigid.html
  [2] http://ftp.zut.edu.pl/mirrors/ftp.ietf.org/ietf-mail-archive/uta/2014-01.mail
  [3] https://bettercrypto.org/static/applied-crypto-hardening.pdf

-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 490 bytes --]