Elliptic curves in tinc

Julien Muchembled jm at jmuchemb.eu
Tue Mar 25 18:41:38 CET 2014


There has been a recent discussion on debian-devel on this subject:
  RSA vs ECDSA (Was: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!)

In particular:

* http://thread.gmane.org/gmane.linux.debian.devel.announce/1893/focus=191567

  We can read that 4096-bit RSA should be preferred over ECDSA.

  http://safecurves.cr.yp.to/ does not list P-521, but there's no reason to think it does not have the flaws of the other NIST curves. E-521 may be a better choice, but it seems too new.

Then I wonder: would it be possible to choose the algorithm to use in the new tinc protocol?
(BTW, when testing ExperimentalProtocol=yes, I was surprised to see that tincd refuses to start if there's no private RSA key)

* http://thread.gmane.org/gmane.linux.debian.devel.announce/1893/focus=191567

  How is ECDSA used in Tinc? It seems a proper implementation is one that does not rely on an RNG, as described in RFC 6979.


About performance:

                                sign       verify     sign/s   verify/s
  521 bit ecdsa (nistp521)      0.0005s    0.0012s    1891.0    829.8
  rsa 4096 bits                 0.010225s  0.000164s    97.8   6100.3

I guess Tinc uses both operations equally, so RSA would be slower.
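To make the RFC 6979 point concrete, here is an added worked example (my own illustration for this thread, not tinc code, and not a description of how tinc implements ECDSA): a small pure-Python ECDSA over P-256 whose nonce k is derived as in RFC 6979 section 3.2, checked against the RFC's appendix A.2.5 test vector, followed by the failure mode the RFC exists to prevent: two signatures made with a repeated k, as a faulty RNG might hand out, give away the private key. The curve arithmetic is a minimal demo (not constant-time), and the messages "first message"/"second message" and the repeated k value are constructed for the demo.

```python
# RFC 6979 deterministic ECDSA on P-256, plus the nonce-reuse break an RNG-fed
# nonce invites.  Added example for this thread, not tinc code.  Python 3.8+.
import hashlib
import hmac

# NIST P-256 domain parameters (FIPS 186-4, D.1.2.3).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
QLEN = (N.bit_length() + 7) // 8  # 32 bytes

def _add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):  # double-and-add; not constant-time, demo only
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc

def _bits2int(b):  # RFC 6979 bits2int: leftmost qlen bits of b as an integer
    return int.from_bytes(b, "big") >> max(len(b) * 8 - N.bit_length(), 0)

def rfc6979_nonce(priv, h1, hashfn=hashlib.sha256):
    """RFC 6979 section 3.2: k = HMAC_DRBG(private key, message hash); no RNG."""
    x = priv.to_bytes(QLEN, "big")                  # int2octets(x)
    h = (_bits2int(h1) % N).to_bytes(QLEN, "big")   # bits2octets(h1)
    V, K = b"\x01" * hashfn().digest_size, b"\x00" * hashfn().digest_size
    K = hmac.new(K, V + b"\x00" + x + h, hashfn).digest()
    V = hmac.new(K, V, hashfn).digest()
    K = hmac.new(K, V + b"\x01" + x + h, hashfn).digest()
    V = hmac.new(K, V, hashfn).digest()
    while True:
        T = b""
        while len(T) < QLEN:
            V = hmac.new(K, V, hashfn).digest()
            T += V
        k = _bits2int(T)
        if 1 <= k < N:
            return k
        K = hmac.new(K, V + b"\x00", hashfn).digest()
        V = hmac.new(K, V, hashfn).digest()

def sign(priv, msg, k=None):
    """ECDSA/SHA-256; k defaults to RFC 6979, an explicit k mimics a bad RNG."""
    h1 = hashlib.sha256(msg).digest()
    if k is None:
        k = rfc6979_nonce(priv, h1)
    r = _mul(k, G)[0] % N
    s = pow(k, -1, N) * (_bits2int(h1) + r * priv) % N
    return r, s

def verify(pub, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    e, w = _bits2int(hashlib.sha256(msg).digest()), pow(s, -1, N)
    pt = _add(_mul(e * w % N, G), _mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures under one key with the same k (visible as equal r) leak
    the key: s1 - s2 = k^-1 (e1 - e2) mod n gives k, then d = (s1 k - e1) / r."""
    (r, s1), (r2, s2) = sig1, sig2
    assert r == r2, "nonce reuse shows up as equal r values"
    e1 = _bits2int(hashlib.sha256(msg1).digest())
    e2 = _bits2int(hashlib.sha256(msg2).digest())
    k = (e1 - e2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - e1) * pow(r, -1, N) % N

# Test vector from RFC 6979 appendix A.2.5 (P-256, SHA-256, message "sample").
RFC_PRIV = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
RFC_K = 0xA6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60
RFC_R = 0xEFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716
RFC_S = 0xF7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8

def demo():  # returns (rfc_vector_matches, key_recovered_after_nonce_reuse)
    sig = sign(RFC_PRIV, b"sample")
    vector_ok = sig == (RFC_R, RFC_S) and verify(_mul(RFC_PRIV, G), b"sample", sig)
    # Constructed failure mode: a faulty RNG hands out the same k twice.
    sig1 = sign(RFC_PRIV, b"first message", k=0x1234567890ABCDEF)
    sig2 = sign(RFC_PRIV, b"second message", k=0x1234567890ABCDEF)
    leaked = recover_private_key(b"first message", sig1, b"second message", sig2)
    return vector_ok, leaked == RFC_PRIV
```

Running demo() yields (True, True): the deterministic signature matches the RFC vector exactly, and the second half shows that the nonce, not the key, is what a broken RNG exposes, which is why deriving k from the key and the message removes that dependency.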
