On 10/19/2016 01:54 PM, m.roth at 5-cent.us wrote:
> Alice Wonder wrote:
>> On 10/19/2016 11:34 AM, Leonard den Ottolander wrote:
>>> Hello Gordon,
>>>
>> *snip*
>>>
>>> Personally I would be more concerned whether or not to enable ECDSA
>>> algorithms (https://blog.cr.yp.to/20140323-ecdsa.html).
>>>
>> For web servers ECDSA certs are currently a concern because the only
>> curves with popular support across browsers have parameters that were
>> chosen for undocumented reasons.
>>
>> That doesn't mean they are vulnerable but there is a question.
>>
>> OpenSSH uses Curve25519 for ECDSA which has documented reasons for the
>> parameters chosen and thus is far less likely to be nefariously chosen.
>>
>> At least that's my understanding of the situation, which could be flawed.
>
> Oh, are those the ones with the NSA backdoor curve?
>

Allegedly they might.

I use ecdsa certs on most of my websites, using secp384r1.

I formerly used secp521r1 but suddenly Google with no warning stopped
supporting it in chrome. That company is too powerful.

The only other option (that has both browser and CA support) is prime256v1.

Hopefully soon we will get a better option.

I don't believe it is an issue with OpenSSH though.
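As an added example (not code from anyone on this thread, and not a capture of any real browser), here is a small Python parser for the TLS ClientHello extensions block that pulls out the supported_groups list and answers the practical question behind the secp521r1 problem above: will this client accept an ECDSA certificate on a given curve? The two sample clients, and the builder helpers that produce them, are constructed inline; the group numbers are the IANA TLS Supported Groups registry values. This is the TLS 1.2 rule (the certificate curve must appear in the client's supported_groups list); TLS 1.3 clients constrain certificate curves through signature_algorithms instead, which this example does not parse.

```python
import struct

# IANA "TLS Supported Groups" values for the curves the thread discusses.
NAMED_GROUPS = {
    23: "secp256r1",   # prime256v1 / NIST P-256
    24: "secp384r1",   # NIST P-384
    25: "secp521r1",   # NIST P-521
    29: "x25519",      # Curve25519 key agreement; not a certificate curve
    30: "x448",
}
# Curves on which a TLS server certificate's ECDSA key can actually live.
ECDSA_CERT_CURVES = {"secp256r1", "secp384r1", "secp521r1"}

EXT_SUPPORTED_GROUPS = 10   # "elliptic_curves" in RFC 4492, "supported_groups" in RFC 8422
EXT_EC_POINT_FORMATS = 11


def parse_extensions(blob):
    """Split a ClientHello extensions block (uint16 total length, then
    type(2) length(2) data(n) records) into {ext_type: data}.
    Every length is checked before it is used, so a truncated or malformed
    block raises ValueError instead of silently yielding partial results."""
    if len(blob) < 2:
        raise ValueError("extensions block shorter than its length field")
    (total,) = struct.unpack("!H", blob[:2])
    if total != len(blob) - 2:
        raise ValueError("extensions length field does not match block size")
    exts, pos = {}, 2
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack("!HH", blob[pos:pos + 4])
        pos += 4
        if pos + ext_len > len(blob):
            raise ValueError("truncated extension body")
        if ext_type in exts:
            raise ValueError("duplicate extension type %d" % ext_type)
        exts[ext_type] = blob[pos:pos + ext_len]
        pos += ext_len
    return exts


def parse_u16_vector(data):
    """Parse a uint16-length-prefixed list of uint16 values, the encoding
    supported_groups uses."""
    if len(data) < 2:
        raise ValueError("vector shorter than its length field")
    (n,) = struct.unpack("!H", data[:2])
    if n % 2 or n != len(data) - 2:
        raise ValueError("vector length field is odd or does not match body")
    return list(struct.unpack("!%dH" % (n // 2), data[2:]))


def supported_groups(blob):
    """Return the curve names a client advertises, in its preference order,
    or [] if it sends no supported_groups extension at all."""
    exts = parse_extensions(blob)
    if EXT_SUPPORTED_GROUPS not in exts:
        return []
    return [NAMED_GROUPS.get(g, "unknown(%d)" % g)
            for g in parse_u16_vector(exts[EXT_SUPPORTED_GROUPS])]


def accepts_cert_curve(blob, curve):
    """Will a TLS 1.2 client with these extensions accept an ECDSA server
    certificate on `curve`?  RFC 4492 section 5.3 (kept in RFC 8422) requires
    the certificate's curve to be one the client listed; RFC 4492 section 4
    lets the server pick any curve when the client sent no list at all."""
    if curve not in ECDSA_CERT_CURVES:
        return False   # x25519/x448 are key-agreement groups, never cert keys
    exts = parse_extensions(blob)
    if EXT_SUPPORTED_GROUPS not in exts:
        return True
    return curve in supported_groups(blob)


# --- Builders for constructed sample input (not captured from real browsers) ---
def build_u16_vector(values):
    return struct.pack("!H", 2 * len(values)) + struct.pack("!%dH" % len(values), *values)


def build_extensions(records):
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in records)
    return struct.pack("!H", len(body)) + body


# A constructed client that still offers P-521, and a constructed one that, like
# the Chrome release complained about above, offers only x25519/P-256/P-384.
OLD_CLIENT = build_extensions([
    (EXT_SUPPORTED_GROUPS, build_u16_vector([23, 24, 25])),
    (EXT_EC_POINT_FORMATS, b"\x01\x00"),   # one format: uncompressed
])
NEW_CLIENT = build_extensions([
    (EXT_SUPPORTED_GROUPS, build_u16_vector([29, 23, 24])),
    (EXT_EC_POINT_FORMATS, b"\x01\x00"),
])


if __name__ == "__main__":
    for name, hello in (("old client", OLD_CLIENT), ("new client", NEW_CLIENT)):
        print(name, "offers", supported_groups(hello))
        for curve in ("secp256r1", "secp384r1", "secp521r1"):
            print("  %s cert accepted: %s" % (curve, accepts_cert_curve(hello, curve)))
```

To use this on a real connection, feed it the extensions block of a captured ClientHello (everything after the compression_methods vector); a length mismatch anywhere raises rather than returning a partial list, which is what you want when the input comes off the wire.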
Hello Alice,

On Wed, 2016-10-19 at 14:22 -0700, Alice Wonder wrote:
> I formerly used secp521r1 but suddenly Google with no warning stopped
> supporting it in chrome. That company is too powerful.

Actually this is something the NSA insists on:

https://www.iad.gov/iad/customcf/openAttachment.cfm?FilePath=/iad/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/assets/public/upload/CNSA-Suite-and-Quantum-Computing-FAQ.pdf&WpKes=aF6woL7fQp3dJiC4qaMYyEVfFwN9wmQ9umeApa

Q: To whom is the CNSS Advisory Memorandum 02-15 addressed?
A: NSA's announcement of changes from Suite B cryptography to the
Commercial National Security Algorithm Suite are for organizations that
run classified or unclassified national security systems (NSS) and
vendors that build products used in NSS. <snip>

I suppose Google is such a vendor.

Q: Can I use the NIST P-521 curve for ECDH or ECDSA on NSS?
A: In order to enhance system interoperability NSA recommends the use of
NIST P-384. CNSSP-15 does not permit use of NIST P-521. Use of NIST
P-521 needs to be approved by NSA as an exception to policy. This
continues under CNSS Advisory Memorandum 02-15.

Because of "interoperability" the use of strong crypto is discouraged.

Reminds me of the fact that not so long ago (and quite a while after the
algorithm was considered broken) openwall (then org, now com) insisted
on standardizing on MD5 for password hashes in phpass "because the
algorithm is available on nearly every system." As if catering for the
lowest common denominator were good practice when security is a concern.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research
On Thu, October 20, 2016 7:38 am, Leonard den Ottolander wrote:
> Hello Alice,
>
> On Wed, 2016-10-19 at 14:22 -0700, Alice Wonder wrote:
>> I formerly used secp521r1 but suddenly Google with no warning stopped
>> supporting it in chrome. That company is too powerful.

<rant>
It is. As anything behind which secret [service] taxpayer money quite
likely is. But the awful thing is that every one of us who uses google
anything, gmail included, is part of the problem. Yes, indeed, we need to
look into the mirror and answer honestly to ourselves about that.
Disregarding that the truth hurts.
</rant>

Ironically, many of us displeased with google (vocally on this list that
is) post from gmail accounts ;-)

Valeri

>
> Actually this is something the NSA insists on:
>
> https://www.iad.gov/iad/customcf/openAttachment.cfm?FilePath=/iad/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/assets/public/upload/CNSA-Suite-and-Quantum-Computing-FAQ.pdf&WpKes=aF6woL7fQp3dJiC4qaMYyEVfFwN9wmQ9umeApa
>
> Q: To whom is the CNSS Advisory Memorandum 02-15 addressed?
> A: NSA's announcement of changes from Suite B cryptography to the
> Commercial National Security Algorithm Suite are for organizations that
> run classified or unclassified national security systems (NSS) and
> vendors that build products used in NSS. <snip>
>
> I suppose Google is such a vendor.
>
> Q: Can I use the NIST P-521 curve for ECDH or ECDSA on NSS?
> A: In order to enhance system interoperability NSA recommends the use of
> NIST P-384. CNSSP-15 does not permit use of NIST P-521. Use of NIST
> P-521 needs to be approved by NSA as an exception to policy. This
> continues under CNSS Advisory Memorandum 02-15.
>
> Because of "interoperability" the use of strong crypto is discouraged.
>
> Reminds me of the fact that not so long ago (and quite a while after the
> algorithm was considered broken) openwall (then org, now com) insisted
> on standardizing on MD5 for password hashes in phpass "because the
> algorithm is available on nearly every system." As if catering for the
> lowest common denominator is good practice when security is a concern.
>
> Regards,
> Leonard.
>
> --
> mount -t life -o ro /dev/dna /genetic/research
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++