[CentOS] SSH Weak Ciphers

Thu Oct 20 14:10:21 UTC 2016
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Thu, October 20, 2016 7:38 am, Leonard den Ottolander wrote:
> Hello Alice,
>
> On Wed, 2016-10-19 at 14:22 -0700, Alice Wonder wrote:
>> I formerly used secp521r1 but suddenly Google with no warning stopped
>> supporting it in chrome. That company is too powerful.

<rant>
It is. As anything behind which secret [service] taxpayer money quite
likely is.
But the awful thing is that every one of us who uses google anything,
gmail included, is part of the problem. Yes, indeed, we need to look into
the mirror and answer honestly to ourselves about that. Disregarding that the
truth hurts.
</rant>

Ironically, many of us displeased with google (vocally on this list that
is) post from gmail accounts ;-)

Valeri

>
> Actually this is something the NSA insists on:
>
> https://www.iad.gov/iad/customcf/openAttachment.cfm?FilePath=/iad/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/assets/public/upload/CNSA-Suite-and-Quantum-Computing-FAQ.pdf&WpKes=aF6woL7fQp3dJiC4qaMYyEVfFwN9wmQ9umeApa
>
> Q: To whom is the CNSS Advisory Memorandum 02-15 addressed?
> A: NSA's announcement of changes from Suite B cryptography to the
> Commercial National Security Algorithm Suite are for organizations that
> run classified or unclassified national security systems (NSS) and
> vendors that build products used in NSS. <snip>
>
> I suppose Google is such a vendor.
>
> Q: Can I use the NIST P-521 curve for ECDH or ECDSA on NSS?
> A: In order to enhance system interoperability NSA recommends the use of
> NIST P-384.  CNSSP-15 does not permit use of NIST P-521.  Use of NIST
> P-521 needs to be approved by NSA as an exception to policy.  This
> continues under CNSS Advisory Memorandum 02-15.
>
> Because of "interoperability" the use of strong crypto is discouraged.
>
> Reminds me of the fact that not so long ago (and quite a while after the
> algorithm was considered broken) openwall (then org, now com) insisted
> on standardizing on MD5 for password hashes in phpass "because the
> algorithm is available on nearly every system." As if catering for the
> lowest common denominator is good practice when security is a concern.
>
> Regards,
> Leonard.
>
> --
> mount -t life -o ro /dev/dna /genetic/research
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++