Open
Bug 342557
Opened 18 years ago
Updated 2 years ago
There is no way to disable particular ECC curves
Categories
(NSS :: Libraries, enhancement, P4)
Tracking
(Not tracked)
REOPENED
People
(Reporter: rcrit, Unassigned)
Details
Currently there is no way I know of to disable a particular ECC curve. Can there be an API to enable/disable curves in a similar way that ciphers can be enabled/disabled and some default set available (perhaps all) when a policy is set (e.g. NSS_SetDomesticPolicy())?
Comment 1•18 years ago
|
||
*** This bug has been marked as a duplicate of 319327 ***
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Comment 2•18 years ago
|
||
This enhancement request is different from bug 319327. The purpose of this new function is to disable an elliptic curve when it is considered unsafe. For example, ANS X9.62-2005 considers a few curves in X9.62-1998 unsafe and disallows the use of those curves (bug 339393). We need a way to handle similar incidents in the future without rebuilding the softoken.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Updated•18 years ago
|
Priority: -- → P4
See the last table on this page, choosing Safe Curves: https://safecurves.cr.yp.to/index.html
The only perfectly secure curves are:
Curve1174
Curve25519 (the only secure curve in windows that I am aware of)
Curve41417 formerly named Curve3617
Curve383187 authors subsequently recommended switching to M-383
M-221 formerly named Curve2213
M-383
M-511 formerly named Curve511187
E-222
E-382
E-521
Ed448-Goldilocks
Insecure Curves include:
NIST P-224
NIST P-256
secp256k1
NIST P-384
Anomalous
BN(2,254)
brainpoolP256t1
ANSSI FRP256v1
brainpoolP384t1
SafeCurves is joint work by the following authors (alphabetical order):
Daniel J. Bernstein, University of Illinois at Chicago, USA, and Technische Universiteit Eindhoven, Netherlands
Tanja Lange, Technische Universiteit Eindhoven, Netherlands
Please include an option to chose and order curves; please prioritize Curve25519 above all if it has not been done so already.
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•