[Cryptography] FREAK attack
Viktor Dukhovni
cryptography at dukhovni.org
Sat Mar 7 14:33:44 EST 2015
On Sat, Mar 07, 2015 at 01:36:47PM -0500, Phillip Hallam-Baker wrote:
> 201x Preferred: IETF-EC-448, SHA2-512, AES-256
>
> Curve 25519 is acceptable for perfect forward secrecy but only with some
> changes to the key exchange so the session keys are generated from the
> WF128 and WF256 keys and not just the weaker one.
In the context of Curve 25519 ECDHE, what are the WF256 keys? Are
you suggesting a combination of static ECDH based on the server's
EC-448 certificate with Curve 25519 ECDHE? Would it not be simpler
to just use EC-448 for the ephemeral key exchange also?
--
Viktor.