Copying my response from the other bug:

I fully support elliptic curve cryptography, but your statement that
"There is no support for ciphers with elliptic curves in current
versions of dc++ (v0.851)." is simply inaccurate.

For the record, as of DC++ 0.851, it supports the following
ciphersuites, copy/pasted directly from CryptoManager.cpp:
"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-SHA".
ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, and
ECDHE-RSA-AES128-SHA do use elliptic curves.

Regarding ECDSA specifically, vs the also-elliptic-curve ECDHE, see
https://security.stackexchange.com/questions/5096/rsa-vs-dsa-for-ssh-authentication-keys/41509
and, for example:
"Also, DSA and ECDSA have a nasty property: they require a parameter usually
called k to be completely random, secret, and unique. In practice that means
that if you connect to your server from a machine with a poor random number
generator and e.g. the same k happens to be used twice, an observer of the
traffic can figure out your private key. (source: Wikipedia on DSA and ECDSA,
also this)."

As https://tools.ietf.org/html/rfc6979 elaborates:
   One characteristic of DSA and ECDSA is that they need to produce, for
   each signature generation, a fresh random value (hereafter designated
   as k). For effective security, k must be chosen randomly and
   uniformly from a set of modular integers, using a cryptographically
   secure process. Even slight biases in that process may be turned
   into attacks on the signature schemes.

ECDHE-RSA-* don't have this problem, while ECDHE-ECDSA-* at least
historically have.

It's possible that
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=190c615d4398cc6c8b61eb7881d7409314529a75
adequately protects against this threat, though it does not implement
RFC 6979 per se. I'll investigate whether ECDSA's glass jaw has been
adequately ameliorated.

-- 
https://bugs.launchpad.net/bugs/1484807

Title:
  Encryption problems in DC++ 0.851 when connecting to a LUADCH hub

Status in DC++:
  New

Bug description:
  We are running Luadch 2.14 in the hubs and when we updated to the latest we
  got problems with 0.851 clients. It works with 0.843.
  With the 0.851 we get a TLS error.
  I have talked to the Dev from Luadch and they say that this is something wrong
  with 0.851

  Kungen
