linuxdcpp-team team mailing list archive
Message #08418
[Bug 1495091] Re: support for ciphers with elliptic curves
*** This bug is a duplicate of bug 1484807 ***
https://bugs.launchpad.net/bugs/1484807
I fully support elliptic curve cryptography, but your statement that
"There is no support for ciphers with elliptic curves in current
versions of dc++ (v0.851)." is simply inaccurate.
For the record, as of DC++ 0.851, it supports the following
ciphersuites, copy/pasted directly from CryptoManager.cpp:
"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-SHA".
ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, and
ECDHE-RSA-AES128-SHA do use elliptic curves.
Regarding ECDSA specifically, vs the also-elliptic-curve ECDHE, https://security.stackexchange.com/questions/5096/rsa-vs-dsa-for-ssh-authentication-keys/41509 and, for example:
"Also, DSA and ECDSA have a nasty property: they require a parameter usually called k to be completely random, secret, and unique. In practice that means that if you connect to your server from a machine with a poor random number generator and e.g. the same k happens to be used twice, an observer of the traffic can figure out your private key. (source: Wikipedia on DSA and ECDSA, also this)."
As https://tools.ietf.org/html/rfc6979 elaborates:
One characteristic of DSA and ECDSA is that they need to produce, for
each signature generation, a fresh random value (hereafter designated
as k). For effective security, k must be chosen randomly and
uniformly from a set of modular integers, using a cryptographically
secure process. Even slight biases in that process may be turned
into attacks on the signature schemes.
ECDHE-RSA-* don't have this problem, while ECDHE-ECDSA-* at least
historically have.
It's possible that
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=190c615d4398cc6c8b61eb7881d7409314529a75
adequately protects against this threat, though it does not implement
RFC 6979 per se. I'll investigate whether ECDSA's glass jaw has been
adequately ameliorated.
--
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/1495091
Title:
support for ciphers with elliptic curves
Status in DC++:
New
Bug description:
There is no support for ciphers with elliptic curves in current versions of dc++ (v0.851).
I'm a Luadch dev and our hubsoft is using a cert with an elliptic curve 256bit prime key.
It would be great if dc++ supports these cipher suites:
TLSv1:
ECDHE-ECDSA-AES128-SHA
TLSv1.2:
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-SHA256
PS: I know dc++ does not support AES256 ciphers; that's the reason why I only
added AES128 ones.
greets pulsar
To manage notifications about this bug go to:
https://bugs.launchpad.net/dcplusplus/+bug/1495091/+subscriptions
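
The RFC 6979 mitigation referenced in the reply above removes ECDSA's dependence on a good random number generator by deriving k from the private key and the message hash with HMAC. The following is an added example, not part of the original message and not DC++ or OpenSSL code; it is narrowed to P-256 with SHA-256, and the names `rfc6979_k` and `P256_Q` are chosen here for illustration.

```python
import hashlib
import hmac

# Order q of the NIST P-256 group (public curve parameter).
P256_Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def rfc6979_k(x: int, message: bytes, q: int = P256_Q) -> int:
    """Derive the ECDSA nonce k from private key x and the message (RFC 6979, 3.2).

    Narrowed to SHA-256 with a 256-bit group order, so hlen == qlen and
    bits2int needs no truncation.
    """
    if q.bit_length() != 256:
        raise ValueError("this example only handles 256-bit group orders")
    if not 1 <= x < q:
        raise ValueError("private key out of range")

    def mac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    h1 = hashlib.sha256(message).digest()
    # int2octets(x) || bits2octets(h1): 32 bytes each, hash value reduced mod q.
    seed = x.to_bytes(32, "big") + (int.from_bytes(h1, "big") % q).to_bytes(32, "big")

    v = b"\x01" * 32                   # step b
    k = b"\x00" * 32                   # step c
    k = mac(k, v + b"\x00" + seed)     # step d
    v = mac(k, v)                      # step e
    k = mac(k, v + b"\x01" + seed)     # step f
    v = mac(k, v)                      # step g
    while True:                        # step h
        v = mac(k, v)
        candidate = int.from_bytes(v, "big")
        if 1 <= candidate < q:
            return candidate
        # Candidate out of range: re-key the HMAC state and try again.
        k = mac(k, v + b"\x00")
        v = mac(k, v)


if __name__ == "__main__":
    # Private key published as a test vector in RFC 6979, appendix A.2.5.
    x = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
    print(f"{rfc6979_k(x, b'sample'):064X}")
```

The same key and message always give the same k, and different messages give unrelated values of k, so a weak system RNG at signing time no longer affects the nonce.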