Re: ECC curves used in gnupg?
On Tue, 2013-12-17 at 13:01 -0600, Anthony Papillion wrote:

> I know that gnupg is experimenting with ECC and I'm wondering which curves the team has decided to use. I know there are some curves that are now suspected of being tainted by the NSA through NIST. Has the gnupg team ruled using those curves out?

Wouldn't it be nice to include ECC curves up to 1024 bit (ECC Brainpool gives you 512 bit at most, Maryland 521)? I calculated the parameters last year (no ties to Maryland) and they are free for noncommercial use ;-) They can be found here: http://www.fh-wedel.de/~an/crypto/accessories/domains_anders.html

In the ECC software Academic Signature - which contains a minimalistic GnuPG GUI, by the way - you can check their sanity, including the MOV condition.

There has been a thread on insecure GnuPG defaults lately. (SHA1 h) Please keep in mind that (to my knowledge) Maryland does allow the export of ECC software up to 256 bit if in the interest of national security. So why not exclude bit sizes smaller than 256 from the very beginning?

regards
Michael

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
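The kind of domain-parameter sanity check mentioned in the message above, as an added example that is not part of the original post and is not Academic Signature's code: it tests that the field prime p and subgroup order n are prime, that the curve is not anomalous (n = p), and that the MOV condition holds. The function names, the MOV bound of 100 and the toy curve are assumptions of this example; the P-256 values are the published constants.

```python
import random
def is_probable_prime(m, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if m < 2:
        return False
    for q in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if m % q == 0:
            return m == q
    d, s = m - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, m - 1), d, m)
        if x in (1, m - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, m)
            if x == m - 1:
                break
        else:
            return False  # witness found: m is composite
    return True

def embedding_degree(p, n, limit):
    """Smallest k <= limit with p^k = 1 (mod n), or None if there is none."""
    t = 1
    for k in range(1, limit + 1):
        t = t * p % n
        if t == 1:
            return k
    return None

def check_domain(p, n, mov_bound=100):
    """Return the failed checks for field prime p and subgroup order n."""
    failures = []
    for name, value in (("p", p), ("n", n)):
        if not is_probable_prime(value):
            failures.append(f"{name} is not prime")
    if n == p:
        failures.append("anomalous curve (n == p)")
    k = embedding_degree(p, n, mov_bound)
    if k is not None:
        failures.append(f"MOV condition fails: embedding degree {k}")
    return failures

# NIST P-256 field prime and base-point order (published constants).
P256_P = 2**256 - 2**224 + 2**192 + 2**96 - 1
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
TOY_P, TOY_N = 43, 11  # constructed: y^2 = x^3 + x over F_43, order-11 subgroup
```

`check_domain(P256_P, P256_N)` returns an empty list, while the constructed supersingular toy curve is rejected because its embedding degree is 2.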
Re: ECC curves used in gnupg?
On Tue, 17 Dec 2013 20:01, anth...@cajuntechie.org said:

> I know that gnupg is experimenting with ECC and I'm wondering which curves the team has decided to use. I know there are some curves that are now suspected of being tainted by the NSA through NIST. Has the gnupg team ruled using those curves out?

We will support the curves specified in RFC-6637. These are the NIST curves P-256, P-384, and P-521. I recently added support for Brainpool P256r1, P384r1, and P512r1 to make some European governments happy.

In the wake of recent events and due to the fear of many people that the NIST curves might have some secret properties, I added support for Bernstein et al.'s Ed25519 signature scheme. The problem here is that it is not really covered by RFC-6637 because it does not use the ECDSA signature scheme but a Schnorr-like scheme named EdDSA. Thus for a proper implementation we need to assign a new algorithm number to it which in turn means to write another RFC.

I recently met with Phil Zimmermann and we talked about the OpenPGP future. It is pretty clear that we need to replace the current algorithms with elliptic curves to get a better security margin for the future. Although there are no technical reasons not to use existing standard curves, we better take the users' unhappiness with NIST curves into account and move on to curves like Ed25519 which are easier to use and are an outcome of public research. Bernstein and Lange are currently working on a 384 bit curve and it is very likely that this one will also be added to GnuPG.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
ECC curves used in gnupg?
I know that gnupg is experimenting with ECC and I'm wondering which curves the team has decided to use. I know there are some curves that are now suspected of being tainted by the NSA through NIST. Has the gnupg team ruled using those curves out?

Anthony

--
Anthony Papillion
XMPP/Jabber: cajuntec...@jit.si
SIP: 17772471...@callcentric.com
iNum: +883-5100-01190960
PGP Key: 0xDC89FF2E