Re: [Cfrg] Fwd: Re: Proposal and intent to implement "dsa-sha2-256" SSH key algorithm
denis bider <ietf-cfrg@denisbider.com> Sat, 31 October 2015 08:38 UTC
From: denis bider <ietf-cfrg@denisbider.com>
To: cfrg@irtf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/bU0VCk1pUlRQ_sgzT8EWDw4AKlo>
Cc: pgut001@cs.auckland.ac.nz
Subject: Re: [Cfrg] Fwd: Re: Proposal and intent to implement "dsa-sha2-256" SSH key algorithm
My understanding is it's common to feed the entropy of the message being signed into the RNG to prevent "k" reuse during e.g. VM state resumption. Furthermore, RFC 6979 specifies how to implement deterministic DSA, which does not lose compatibility with unaware implementations.

I have updated the draft, which now additionally defines "rsa-sha2-256", which also requires a facelift:

http://www.denisbider.com/draft-rsa-dsa-sha2-256.txt

The Security Considerations section now references RFC 6979 and recommends deterministic signatures with DSA.

BTW - Hanno Boeck: Your messages are coming across in a way that requires an attachment to be opened in order to see message contents. I would not have opened the TXT attachment if it wasn't for Peter Gutmann's reply. I believe this is due to the use of "Content-Type: multipart/signed", which is not recognized by all email software.

----- Original Message -----
From: Damien Miller
Sent: Friday, October 30, 2015 16:27
To: denis bider
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] Fwd: Re: Proposal and intent to implement "dsa-sha2-256" SSH key algorithm

On Thu, 29 Oct 2015, denis bider wrote:

> Because variety is good. At Bitvise, our software supports ECDSA over NIST
> curves, and I'm going to implement EdDSA. However, if something turns out to
> be not-as-great-as-we-expected with elliptic crypto, RSA would be all we
> have left.
>
> Everything in elliptic curve is too many eggs in one basket, I reckon.
>
> What's wrong with large-key DSA?

It breaks in the most catastrophic possible way (private key leak) when a less-than-perfect PRNG is used.

-d
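RFC 6979, cited in the message above as the way to get deterministic DSA without breaking unaware verifiers, replaces the random per-signature k with an HMAC-DRBG output keyed by the private key and the message hash. As an added example (not code from the thread, the draft, or any of the posters), here is that section 3.2 derivation in Python; the procedure is the same for DSA and ECDSA, so it is checked against the RFC's published P-256 vector.

```python
import hashlib
import hmac

def _bits2int(b: bytes, qlen: int) -> int:
    # Leftmost qlen bits of b as an integer (RFC 6979 section 2.3.2).
    v = int.from_bytes(b, "big")
    excess = len(b) * 8 - qlen
    return v >> excess if excess > 0 else v

def _int2octets(v: int, rlen: int) -> bytes:
    # Fixed-width big-endian encoding, rlen = ceil(qlen / 8) bytes.
    return v.to_bytes(rlen, "big")

def rfc6979_k(q: int, x: int, message: bytes, hash_name: str = "sha256") -> int:
    """Deterministic (EC)DSA nonce k per RFC 6979 section 3.2; q is the
    subgroup order, x the private key. k depends only on x and H(message),
    so a duplicated VM snapshot or weak PRNG cannot cause a reused k."""
    qlen, hlen = q.bit_length(), hashlib.new(hash_name).digest_size
    rlen = (qlen + 7) // 8
    mac = lambda key, data: hmac.new(key, data, hash_name).digest()
    h1 = hashlib.new(hash_name, message).digest()
    # int2octets(x) || bits2octets(h1): the hash is reduced mod q first.
    seed = _int2octets(x, rlen) + _int2octets(_bits2int(h1, qlen) % q, rlen)
    V, K = b"\x01" * hlen, b"\x00" * hlen  # steps b, c
    K = mac(K, V + b"\x00" + seed)          # step d
    V = mac(K, V)                           # step e
    K = mac(K, V + b"\x01" + seed)          # step f
    V = mac(K, V)                           # step g
    while True:                             # step h
        T = b""
        while len(T) * 8 < qlen:
            V = mac(K, V)
            T += V
        k = _bits2int(T, qlen)
        if 1 <= k < q:
            return k
        K = mac(K, V + b"\x00")             # out of range: re-key, retry
        V = mac(K, V)

# Known-answer values from RFC 6979 Appendix A.2.5 (P-256, SHA-256, "sample").
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
P256_PRIV = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
EXPECTED_K = 0xA6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60

def self_check() -> bool:
    # True when the derivation reproduces the RFC's published k.
    return rfc6979_k(P256_ORDER, P256_PRIV, b"sample") == EXPECTED_K
```

For DSA, pass the group's q and the private key x in place of the curve order and scalar; the draft's "dsa-sha2-256" would use hash_name="sha256" for both the message digest and the HMAC.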