Phil has many good points. Having done some research work in the
Crypto-Academic community, I must point out that there is a difference
between the security of the underlying mathematical crypto system and the
implementation. For example, a one time pad is mathematically secure and
cannot be broken (proved by Claude Shannon). However, many times in history
we were able to decrypt messages encrypted by one time pads due to flaws in
its implementation (see: Project VENONA).

So far there are no known weaknesses in any of the major public key systems,
mathematically speaking, which is a good sign. However, this does not mean
the implementation does not have any weaknesses. As Phil pointed out, the
whole Debian OpenSSL debacle is a prime example of this. This is another
good reason to implement a few crypto-systems independently.



On Tue, Feb 22, 2011 at 00:27, Phil Pennock <[email protected]> wrote:

> On 2011-02-21 at 11:53 -0800, Tom Perrine wrote:
> > I just saw this blog post by the Grumpy Troll:
> > http://bridge.grumpy-troll.org/2011/01/openssh.html
>
> Thanks for the shout-out. :)
>
> > How about you?  Is ECC revolutionary, just for tinfoil hats, or no value at
> > all?  I've put together a quick Survey Monkey survey to gauge interest in
> > ECC in SSH:
>
> Since you don't ask for *why* in the survey: I believe in algorithm
> agility and not being critically dependent upon any one system.  Crypto
> strength is mostly about what we don't know how to do, not what we can
> prove.  As Bruce Schneier is fond of saying, attacks against a
> crypto-system only ever get better.
>
> Thus I deploy both RSA and DSA keys, both host and client, so that in
> the event of a calamity I can turn one off and still have the other to
> use.  A calamity might be a crypto break-through, or it might be the
> discovery of a bug like the one which bit Debian systems a few years
> back, having seriously weakened keys.
>
> It's not that I have any reason to fear that RSA or DSA might be weak,
> but that I have no reason to believe that either is too weak, so running
> both in parallel does not hurt security and does improve my ability to
> respond to a changing environment, which at some point in time will
> critically improve my security.
>
> Likewise, ECC and the ECDSA support: it's a different system, built on
> different primitives.  I'm not a cryptanalyst to judge the security of
> ECC, I trust what the experts say.  I am a sysadmin opposed to single
> points of failure and ECC is good enough that I like being able to
> deploy it in parallel, so that I'm not just dependent upon prime number
> factorisation.
>
> It might be that the next breakthrough will take down ECC, not RSA, and
> I'll end up having to disable it and those who didn't deploy it will
> laugh.  But it could be that the next breakthrough hurts RSA instead.
> *shrug*  I prepare for the worst and cover my bases.
>
> In closing, I'll note that when the NSA tinkered with DES there was a
> lot of paranoia, but when public cryptography finally caught up it
> turned out that the NSA had made DES stronger.  The evidence, rather
> than loud-mouthing, to date suggests that the NSA does its job honestly,
> making real crypto stronger and protecting the US government and public
> in this manner.  With the NSA pushing NIST to push to migrate federal
> systems to ECC, I'm not going to go out screaming that "we must move to
> ECC", but I am going to heed the advice and buy myself the flexibility
> by deploying a third hostkey and client pubkey algorithm.
>
> -Phil, The Grumpy Troll
> _______________________________________________
> Tech mailing list
> [email protected]
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
>  http://lopsa.org/
>

--
The best compliment you could give Pythian for our service is a referral.
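The "run every host key type in parallel, so any one can be switched off" setup
Phil describes above, as an added example that is not part of the thread and not
anything Phil or the OpenSSH project published. It assumes the key types Phil
names (rsa, dsa, ecdsa), a key directory passed as an argument, and sshd's
usual ssh_host_<type>_key naming; the function names are made up for this
example. Disabled types are commented out rather than deleted so that turning
an algorithm back on after a false alarm is a one-line edit, and the last
function is the check that at least one HostKey is still active, since an sshd
with no usable host key will not start at all.

```shell
#!/bin/sh
# Added example (not from the thread): keep RSA, DSA and ECDSA host keys side
# by side so that any single algorithm can be disabled without losing access.
set -eu

# Key types deployed in parallel; the list and the paths below are assumptions
# chosen for this example, not a recommendation from the original mail.
HOSTKEY_TYPES="rsa dsa ecdsa"

# Generate one host key per type under $1, skipping keys that already exist.
# Types the local ssh-keygen refuses (DSA is gone from recent OpenSSH) are
# reported and skipped instead of aborting the whole run.
gen_hostkeys() {
    dir=$1
    mkdir -p "$dir"
    for t in $HOSTKEY_TYPES; do
        [ -f "$dir/ssh_host_${t}_key" ] && continue
        ssh-keygen -q -N '' -t "$t" -f "$dir/ssh_host_${t}_key" </dev/null ||
            echo "skip: ssh-keygen cannot generate $t keys here" >&2
    done
}

# Emit sshd_config HostKey lines, one per key file present under $1. Types
# named in $2 (space-separated) are commented out rather than dropped, so
# re-enabling them later is a one-line edit rather than a key regeneration.
hostkey_config() {
    dir=$1; disabled=${2:-}
    for t in $HOSTKEY_TYPES; do
        f="$dir/ssh_host_${t}_key"
        [ -f "$f" ] || continue
        case " $disabled " in
            *" $t "*) printf '#HostKey %s   # disabled\n' "$f" ;;
            *)        printf 'HostKey %s\n' "$f" ;;
        esac
    done
}

# Count the HostKey lines that are still active. This is the "still have the
# other to use" check: if it ever reaches zero, sshd has no host key to offer
# and will not start, so the caller should refuse to install that config.
active_hostkeys() {
    hostkey_config "$1" "${2:-}" | grep -c '^HostKey ' || true
}

# Build a config fragment for $1 with the types in $2 disabled, but only if at
# least one algorithm remains; returns non-zero (and prints nothing) otherwise.
safe_hostkey_config() {
    dir=$1; disabled=${2:-}
    if [ "$(active_hostkeys "$dir" "$disabled")" -eq 0 ]; then
        echo "refusing: disabling '$disabled' would leave no host key" >&2
        return 1
    fi
    hostkey_config "$dir" "$disabled"
}
```

Usage on a real host would be `gen_hostkeys /etc/ssh` once, then
`safe_hostkey_config /etc/ssh dsa` (for example) to produce the HostKey lines
for sshd_config when one algorithm has to be pulled. The client side is the
same idea with `ssh-keygen -t rsa`, `-t dsa` and `-t ecdsa` producing separate
identity files and an IdentityFile line for each, so a server that stops
accepting one type can still be reached with another.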