Comments on: Elliptic Curve Cryptography in OpenSSH
https://pthree.org/2011/02/17/elliptic-curve-cryptography-in-openssh/
Linux. GNU. Freedom. Mon, 09 Oct 2017 10:42:05 +0000

By: Paul https://pthree.org/2011/02/17/elliptic-curve-cryptography-in-openssh/#comment-131788 Wed, 08 Jan 2014 18:12:00 +0000

If both server and client support ECC and are configured with ECDSA keys, but you still choose to authenticate a session with a password rather than with public key authentication, is ECC still used by default for the key exchange?

By: Zooko O'Whielacronx https://pthree.org/2011/02/17/elliptic-curve-cryptography-in-openssh/#comment-115688 Fri, 08 Apr 2011 18:15:20 +0000

"Generally speaking, the equivalent DSA keys would require 4-times the bit strength of ECDSA keys. In other words, a 256-bit ECDSA key is equivalent in strength to a 1024-bit DSA key."

That's not the consensus. Check out this cool site that lets you explore recommendations: http://keylength.com .

Here is what it says if you ask it what is equivalent to 256-bit ECC keys:

http://tahoe-lafs.org/~zooko/Keylength%20-%20Compare%20all%20Methods.html

Only the German standards body, BSI, thinks that a 256-bit ECC key is equivalently strong to a 2048 DSA key. The other researchers range from 3072 up to 4440 bit DSA keys as being as strong as 256-bit ECDSA keys!

By: Aaron https://pthree.org/2011/02/17/elliptic-curve-cryptography-in-openssh/#comment-115444 Fri, 18 Feb 2011 10:26:13 +0000

Here's a paper describing ECC on constrained devices, such as 8-bit CPUs. It's lengthy, but shows why ECC is such a great fit for smaller devices:

http://www.crypto.rub.de/imperia/md/content/texte/theses/kumar_diss.pdf

It mentions in detail the Elliptic Curve Diffie-Hellman (ECDH) protocol (which OpenSSH 5.7 and later supports as well) which is possible on these devices without a cryptographic processor.

Anyway, FYI.

By: Aaron https://pthree.org/2011/02/17/elliptic-curve-cryptography-in-openssh/#comment-115443 Fri, 18 Feb 2011 10:15:56 +0000

Nope, it's not a typo. I do in fact mean 521 bits. Here's the RFC: http://www.faqs.org/rfc/rfc4754.txt

When I'm talking about the algorithm, I'm referring to the encryption/decryption algorithm. ECC doesn't depend on S-boxes, so it can achieve higher cycles per byte than most other algorithms.

Also, because it's based on the algebraic properties of elliptic curves, rather than factoring large primes, the math is an order of magnitude lighter to compute, thus it's great for embedded systems, lower-end CPUs, etc. Even the LOC to implement ECC in any specific language is less than traditional AES, 3DES, RSA, DSA and other algorithms.

By: mindcorrosive https://pthree.org/2011/02/17/elliptic-curve-cryptography-in-openssh/#comment-115442 Fri, 18 Feb 2011 09:54:11 +0000

> The bit strengths are 256, 384 and 521.

Perhaps you mean 512? 521 is an.. odd number.

When you say "the algorithm is faster and lighter", do you mean the key generation only, or the encrypt/decrypt cycle?
