Re: [TLS] Static DH timing attack

Achim Kraus <achimkraus@gmx.net> Thu, 10 September 2020 13:36 UTC

To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "tls@ietf.org" <tls@ietf.org>
References: <5595BB40-3AFD-4327-B7B7-5E63FFC594DD@akamai.com> <1599729784370.87441@cs.auckland.ac.nz>
From: Achim Kraus <achimkraus@gmx.net>
Message-ID: <fff1a66a-0a49-cfbd-461a-c1d0ed3aeaaa@gmx.net>
Date: Thu, 10 Sep 2020 15:36:08 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <1599729784370.87441@cs.auckland.ac.nz>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/3eyxUs3dUIfkhpHzPiGwPlppmhA>
Subject: Re: [TLS] Static DH timing attack
Precedence: list

Am 10.09.20 um 11:23 schrieb Peter Gutmann:
>
> Reason the second: Telling people not to use static-ephemeral DH will mean
> telling them not to use 25519 key exchange, which will make their heads
> asplode.
>
> Peter.

So, risking damaged heads:
Does using x25519 for ECDHE is significant less secure
than using it with e.g. secp384r1?

Or do I mix-up things and "DH with 25519 keys" is something different?

best regards
Achim Kraus

[TLS] Static DH timing attack Salz, Rich
Re: [TLS] Static DH timing attack Dmitry Belyavsky
Re: [TLS] Static DH timing attack Karthik Bhargavan
Re: [TLS] Static DH timing attack Peter Gutmann
Re: [TLS] Static DH timing attack Achim Kraus
Re: [TLS] Static DH timing attack Dan Brown
Re: [TLS] Static DH timing attack Hugo Krawczyk
Re: [TLS] Static DH timing attack Salz, Rich
Re: [TLS] Static DH timing attack Peter Gutmann
Re: [TLS] Static DH timing attack Peter Gutmann
Re: [TLS] Static DH timing attack Salz, Rich
Re: [TLS] Static DH timing attack Russ Housley
Re: [TLS] Static DH timing attack Filippo Valsorda
Re: [TLS] Static DH timing attack Peter Gutmann
Re: [TLS] Static DH timing attack Peter Gutmann
Re: [TLS] Static DH timing attack Filippo Valsorda
Re: [TLS] Static DH timing attack Lanlan Pan