[CentOS] Elliptic curve on Centos 6.x

Fri Jan 3 01:05:42 UTC 2014
David Benfell <benfell at parts-unknown.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 01/02/2014 01:22 PM, m.roth at 5-cent.us wrote:
> Eero Volotinen wrote:
>> 
>> Is there nice way to put back EC encryption on Centos?
>> 
>> RHEL disabled it due "patent issues", but is third party
>> providing packages to EC enabled packages to centos ?
> 
> *Which* elliptic curve? I trust you've been reading the revelations
> from Snowdon about the NSA putting a backdoor in the common ones,
> esp. the POSIX ones.

- From what I've been able to find, this is a bit overstated.

There is *one* random number algorithm (Dual_EC_DRBG) associated with
ECC that is believed to have been compromised. That it appeared
vulnerable has long been known; Bruce Schneier wrote about it in 2007.
It also happens to be inefficient and so is not widely used (but a few
commercial products use it).

http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115

I was unable to find an associated vulnerability in Linux. I trust the
OpenSSL folks would be on top of this faster than you can blink an eye
if it were a current issue. They have not, from what I've seen,
reacted to the revelations.

http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220

- -- 
David Benfell
see https://parts-unknown.org/node/2 if you don't understand the
attachment
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.0-ecc (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJSxgzmAAoJEKrN0Ha7pkCOG1UP/2Tpcnv7JXSombnxZ6Jb511m
xkUqLpj4XUiZ+ENIHtzbZSJ9lasAuXBiwfkqr+6Au/8e0Ogbx9KxlofaK6wEU2CI
ay2Mpx204CIokZguLxH5ZsltDRcV+AgcCU3queHe//4Y4VxeQoHpfrJh+CdHKrG7
nOIq5ZqC2X58mwJFXtjdTR0J+VjstPFQfP5qtLQeOXI7/rra+oHis+dcBYW3L+T9
Li9eUqY2Qb++W+5PwA8YHqqHPCxOcmbk/kY1/BC46mItEyJEjpOEh+iR2INt21i+
F9FnNHQDrOkbfqQBQaX7wWWXVCjEoi6Z4USIUZLDsPIgwX8Uf2h2D3a4q+WBHDtI
d6Vvr02+hyH0XupZP8EkhFr01CtReqPFJv1j+zzQB0+yu8QW0AOf/RTCxqHMESPG
1DZBL0rbsqY+FvdyKGVUiGZMttOGsHAfwIKMbz3XzbEyCdIzWytf50dt9y6tM1wy
6NBY3fNZ6nlPozjeXaZsT5Q5pEjut04Djhql1PpckOlddgsYV78tdOXl0nJRGB2R
ZvHkFTOTj430eQa9iZ68Ud6yirI/Cnv3au4tye5uwM0QEhck6RLAAtloCDrU7ZJA
tWOqtRLtiysLARjBDvE61BjC4btsaeahuxxspWZ97A9ZSxh2iiKHmnzZoEMlXL0I
ABJTAq0gI+QuKXaj7Ehc
=//KB
-----END PGP SIGNATURE-----