Re: Hello guyz and cryptobrains! :P
On 17/04/12 06:57, toredhiddenu...@tormail.net wrote:
>> The library only supports Fp and F2^m custom curves. The easiest way to
>> construct a custom curve is by using one of:
>>
>> EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
>>     const BIGNUM *b, BN_CTX *ctx);
>> EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
>>     const BIGNUM *b, BN_CTX *ctx);
>>
>> Where for an Fp curve p, a and b are used as follows:
>> y^2 mod p = x^3 +ax + b mod p
>>
>> And for an F2^m curve p (p=2^m), a and b are:
>> y^2 + xy mod p = x^3 + ax^2 + b (where b != 0) mod p
>>
>> Matt
>
> So, do you say it can't be done with executable? Will this be a feature in
> future releases? Are you sure there's no way to do that than digging the C
> source?

Well ultimately openssl is a library. The functions I mention above are part of the public API so you don't need to modify the openssl source to use them. It does require programming though.

From your question I assume you are referring to the openssl command line tool. I am not particularly familiar with the command line tool as most of my work has been with the library directly. However I would be surprised if you can define custom curves using it...that's fairly advanced stuff that most users are never going to need to use (nor would it be advisable for them to do so). In almost all cases using a standard curve will be sufficient - and it's by far the safest option.

In terms of future support for new curves, I imagine that is going to be driven by the standards. As curves get defined and standardised they will work their way into openssl.

Matt
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
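Added example, not part of the thread and not OpenSSL code: for the Fp equation quoted in the message above, these are the basic checks to run on hand-picked (p, a, b), a base point G and a claimed order n before passing them to a library. The P-256 constants are the published NIST values; the p = 17 curve and all function names are constructed for illustration.

```python
# Sanity checks for custom Fp curve parameters, y^2 = x^3 + a*x + b (mod p).

def is_nonsingular(p, a, b):
    # The discriminant 4a^3 + 27b^2 must be non-zero mod p.
    return (4 * pow(a, 3, p) + 27 * pow(b, 2, p)) % p != 0

def on_curve(p, a, b, pt):
    x, y = pt
    return (y * y - (x * x * x + a * x + b)) % p == 0

def add(p, a, P, Q):
    # Affine addition and doubling; None is the point at infinity.
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None  # P + (-P) is the point at infinity
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(p, a, k, P):
    # Double-and-add scalar multiplication (not constant time).
    R = None
    while k:
        if k & 1:
            R = add(p, a, R, P)
        P = add(p, a, P, P)
        k >>= 1
    return R

def check_params(p, a, b, G, n):
    # Necessary checks only; they do not prove the curve is secure.
    return (is_nonsingular(p, a, b) and on_curve(p, a, b, G)
            and mul(p, a, n, G) is None)

# NIST P-256 domain parameters (published constants).
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
P256_G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
          0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
P256_N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
P256 = (P256_P, P256_P - 3, P256_B, P256_G, P256_N)
TOY = (17, 2, 2, (5, 1), 19)  # constructed toy curve, illustration only
```

Passing these checks is necessary, not sufficient: they confirm that n annihilates G, but establishing that n is a large prime order for the whole curve is the point-counting problem mentioned in the thread.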
Re: Hello guyz and cryptobrains! :P
> On 15/04/12 23:33, Dr. Stephen Henson wrote:
>> On Sun, Apr 15, 2012, Jeffrey Walton wrote:
>>
>>> On Sun, Apr 15, 2012 at 12:01 PM, wrote:
>>>> Hello guyz and cryptobrains! :P
>>>>
>>>> One of the main disadvantages of EC on openssl seems to be the inability
>>>> to create arbitrary-sized keys and advantage for RSA: you can create
>>>> 32768 bit RSA key but... not greater than 521 bits on ECC.
>>>>
>>>> Will this continue to be a disadvantage or can 32768 RSA key be used
>>>> instead?
>>> Point counting is tricky business. I believe it is the reason most
>>> folks (OpenSSL, Crypto++, NSS, etc) stick with well known curves.
>>>
>>> I don't know how to plug in a custom curve with OpenSSL (I have never
>>> had a need to do it), but I do know how with Crypto++. If I wanted to
>>> do so, I would use Marcel Martin's Elliptic Curve Builder (ECB) to
>>> generate domain parameters to meet security levels.
>>>
>> It should be possible to use a non-named curve with the appropriate
>> encoding of the ECParameters structure. I've never had to do this either.
>
> The library only supports Fp and F2^m custom curves. The easiest way to
> construct a custom curve is by using one of:
>
> EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
>     const BIGNUM *b, BN_CTX *ctx);
> EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
>     const BIGNUM *b, BN_CTX *ctx);
>
> Where for an Fp curve p, a and b are used as follows:
> y^2 mod p = x^3 +ax + b mod p
>
> And for an F2^m curve p (p=2^m), a and b are:
> y^2 + xy mod p = x^3 + ax^2 + b (where b != 0) mod p
>
> Matt
>
>> Steve.
>> --
>> Dr Stephen N. Henson. OpenSSL project core developer.
>> Commercial tech support now available see: http://www.openssl.org

So, do you say it can't be done with executable? Will this be a feature in future releases? Are you sure there's no way to do that than digging the C source?
Re: Hello guyz and cryptobrains! :P
On 15/04/12 23:33, Dr. Stephen Henson wrote:
> On Sun, Apr 15, 2012, Jeffrey Walton wrote:
>
>> On Sun, Apr 15, 2012 at 12:01 PM, wrote:
>>> Hello guyz and cryptobrains! :P
>>>
>>> One of the main disadvantages of EC on openssl seems to be the inability
>>> to create arbitrary-sized keys and advantage for RSA: you can create
>>> 32768 bit RSA key but... not greater than 521 bits on ECC.
>>>
>>> Will this continue to be a disadvantage or can 32768 RSA key be used
>>> instead?
>> Point counting is tricky business. I believe it is the reason most
>> folks (OpenSSL, Crypto++, NSS, etc) stick with well known curves.
>>
>> I don't know how to plug in a custom curve with OpenSSL (I have never
>> had a need to do it), but I do know how with Crypto++. If I wanted to
>> do so, I would use Marcel Martin's Elliptic Curve Builder (ECB) to
>> generate domain parameters to meet security levels.
>>
> It should be possible to use a non-named curve with the appropriate
> encoding of the ECParameters structure. I've never had to do this either.

The library only supports Fp and F2^m custom curves. The easiest way to construct a custom curve is by using one of:

EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
    const BIGNUM *b, BN_CTX *ctx);
EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
    const BIGNUM *b, BN_CTX *ctx);

Where for an Fp curve p, a and b are used as follows:
y^2 mod p = x^3 +ax + b mod p

And for an F2^m curve p (p=2^m), a and b are:
y^2 + xy mod p = x^3 + ax^2 + b (where b != 0) mod p

Matt

> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Re: Hello guyz and cryptobrains! :P
> On Sun, Apr 15, 2012 at 12:01 PM, wrote:
>> Hello guyz and cryptobrains! :P
>>
>> One of the main disadvantages of EC on openssl seems to be the inability
>> to create arbitrary-sized keys and advantage for RSA: you can create
>> 32768 bit RSA key but... not greater than 521 bits on ECC.
>>
>> Will this continue to be a disadvantage or can 32768 RSA key be used
>> instead?
> Point counting is tricky business. I believe it is the reason most
> folks (OpenSSL, Crypto++, NSS, etc) stick with well known curves.
>
> I don't know how to plug in a custom curve with OpenSSL (I have never
> had a need to do it), but I do know how with Crypto++. If I wanted to
> do so, I would use Marcel Martin's Elliptic Curve Builder (ECB) to
> generate domain parameters to meet security levels.
>
> Jeff

Ewww... It's proprietary!
Re: Hello guyz and cryptobrains! :P
On Sun, Apr 15, 2012, Matt Caswell (fr...@baggins.org) wrote:
>
> First of all there is nothing about the openssl EC library that
> restricts the key length.
>

Well there is a limit on key sizes for public key algorithms to avoid their use as a DoS attack. This limit is currently 661 bits for EC keys and 16384 bits for RSA keys. The limits can be increased at compile time.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: Hello guyz and cryptobrains! :P
On Sun, Apr 15, 2012, Jeffrey Walton wrote:

> On Sun, Apr 15, 2012 at 12:01 PM, wrote:
> > Hello guyz and cryptobrains! :P
> >
> > One of the main disadvantages of EC on openssl seems to be the inability
> > to create arbitrary-sized keys and advantage for RSA: you can create 32768
> > bit RSA key but... not greater than 521 bits on ECC.
> >
> > Will this continue to be a disadvantage or can 32768 RSA key be used
> > instead?
> Point counting is tricky business. I believe it is the reason most
> folks (OpenSSL, Crypto++, NSS, etc) stick with well known curves.
>
> I don't know how to plug in a custom curve with OpenSSL (I have never
> had a need to do it), but I do know how with Crypto++. If I wanted to
> do so, I would use Marcel Martin's Elliptic Curve Builder (ECB) to
> generate domain parameters to meet security levels.
>

It should be possible to use a non-named curve with the appropriate encoding of the ECParameters structure. I've never had to do this either.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: Hello guyz and cryptobrains! :P
On 15/04/12 17:01, toredhiddenu...@tormail.net wrote:
> Hello guyz and cryptobrains! :P
>
> One of the main disadvantages of EC on openssl seems to be the inability
> to create arbitrary-sized keys and advantage for RSA: you can create 32768
> bit RSA key but... not greater than 521 bits on ECC.
>
> Will this continue to be a disadvantage or can 32768 RSA key be used
> instead?

Well, there are a few points to consider here.

First of all there is nothing about the openssl EC library that restricts the key length. It is perfectly possible to define curves which support key lengths of any size that you desire. However, the library provides numerous standard curves (which support specific defined key lengths) for you to use which in most circumstances are going to be perfectly acceptable. I wouldn't recommend defining your own curve unless you really know what you are doing. If however you can find a curve that supports the key length you want, then you can use the library to create it.

Secondly you cannot directly compare RSA key lengths and EC key lengths. RSA keys are *much* longer than the equivalent EC key size for the same security...and the effect becomes more pronounced the more security that you desire. So:

An RSA key size of 1024 bits is equivalent to 160 bits EC (or 80 bit symmetric such as AES)
RSA key size of 3072 bits is equivalent to 256 bits EC (or 128 bit symmetric)
RSA key size of *15360* bits is equivalent to 512 bits EC (or 256 bit symmetric)

Finally, of course, whilst it is possible to define very long key sizes for RSA the practicalities of doing so mean that using EC is by far the better choice. Consider the performance difference you are likely to get working with 15360 bit numbers compared with 512 for EC!

Matt
Re: Hello guyz and cryptobrains! :P
On Sun, Apr 15, 2012 at 12:01 PM, wrote:
> Hello guyz and cryptobrains! :P
>
> One of the main disadvantages of EC on openssl seems to be the inability
> to create arbitrary-sized keys and advantage for RSA: you can create 32768
> bit RSA key but... not greater than 521 bits on ECC.
>
> Will this continue to be a disadvantage or can 32768 RSA key be used instead?

Point counting is tricky business. I believe it is the reason most folks (OpenSSL, Crypto++, NSS, etc) stick with well known curves.

I don't know how to plug in a custom curve with OpenSSL (I have never had a need to do it), but I do know how with Crypto++. If I wanted to do so, I would use Marcel Martin's Elliptic Curve Builder (ECB) to generate domain parameters to meet security levels.

Jeff