On 2011-02-21 at 11:53 -0800, Tom Perrine wrote:
> I just saw this blog post by the Grumpy Troll:
> http://bridge.grumpy-troll.org/2011/01/openssh.html

Thanks for the shout-out. :)

> How about you? Is ECC revolutionary, just for tinfoil hats, or no value at
> all? I've put together a quick Survey Monkey survey to gauge interest in
> ECC in SSH:

Since you don't ask for *why* in the survey:

I believe in algorithm agility and not being critically dependent upon any one system. Crypto strength is mostly about what we don't know how to do, not what we can prove. As Bruce Schneier is fond of saying, attacks against a crypto-system only ever get better.

Thus I deploy both RSA and DSA keys, both host and client, so that in the event of a calamity I can turn one off and still have the other to use. A calamity might be a crypto break-through, or it might be the discovery of a bug like the one which bit Debian systems a few years back, having seriously weakened keys. It's not that I have any reason to fear that RSA or DSA might be weak, but that I have no reason to believe that either is too weak, so running both in parallel does not hurt security and does improve my ability to respond to a changing environment, which at some point in time will critically improve my security.

Likewise, ECC and the ECDSA support: it's a different system, built on different primitives. I'm not a cryptanalyst to judge the security of ECC, I trust what the experts say. I am a sysadmin opposed to single points of failure and ECC is good enough that I like being able to deploy it in parallel, so that I'm not just dependent upon prime number factorisation.

It might be that the next breakthrough will take down ECC, not RSA, and I'll end up having to disable it and those who didn't deploy it will laugh. But it could be that the next breakthrough hurts RSA instead. *shrug* I prepare for the worst and cover my bases.

In closing, I'll note that when the NSA tinkered with DES there was a lot of paranoia, but when public cryptography finally caught up it turned out that the NSA had made DES stronger. The evidence, rather than loud-mouthing, to date suggests that the NSA does its job honestly, making real crypto stronger and protecting the US government and public in this manner. With the NSA pushing NIST to push to migrate federal systems to ECC, I'm not going to go out screaming that "we must move to ECC", but I am going to heed the advice and buy myself the flexibility by deploying a third hostkey and client pubkey algorithm.

-Phil, The Grumpy Troll

_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
