[cryptography] SSH uses secp256/384r1 which has the same parameters as what's in SEC2 which are the same the parameters as specified in SP800-90 for Dual EC DRBG!

Alexander Klimov alserkli at inbox.ru
Mon Sep 9 07:07:58 EDT 2013


On Mon, 9 Sep 2013, Daniel wrote:
> Is there anyone on the lists qualified in ECC mathematics that can
> confirm that? 

NIST SP 800-90A, Rev 1 says:

 The Dual_EC_DRBG requires the specifications of an elliptic curve and 
 two points on the elliptic curve. One of the following NIST approved 
 curves with associated points shall be used in applications requiring 
 certification under [FIPS 140]. More details about these curves may 
 be found in [FIPS 186], the Digital Signature Standard.

> And what ramifications it has, if any..

No. They are widely used curves and thus a good way to reduce 
conspiracy theories that they were chosen in some malicious way to 
subvert DRBG.

-- 
Regards,
ASK

