Elliptic curves in tinc
Julien Muchembled
jm at jmuchemb.eu
Tue Mar 25 18:41:38 CET 2014
There has been a recent discussion on debian-devel on this subject:
RSA vs ECDSA (Was: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!)
In particular:
* http://thread.gmane.org/gmane.linux.debian.devel.announce/1893/focus=191567
We can read that 4096-bit RSA should be preferred over ECDSA.
http://safecurves.cr.yp.to/ does not list P-521, but there's no reason to think it does not share the flaws of the other NIST curves. E-521 may be a better choice, but it seems too new.
Then I wonder: would it be possible to choose the algorithm to use in the new tinc protocol?
(BTW, when testing ExperimentalProtocol=yes, I was surprised to see that tincd refuses to start if there's no private RSA key)
How is ECDSA used in tinc? It seems a proper implementation should not rely on an RNG, as described in RFC 6979.
About performance:
                               sign      verify    sign/s   verify/s
  521 bit ecdsa (nistp521)   0.0005s     0.0012s   1891.0      829.8
  rsa 4096 bits            0.010225s   0.000164s     97.8     6100.3
I guess Tinc uses both operations equally, so RSA would be slower.
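The RFC 6979 point raised in the message above, as an added illustration that is not part of the original post and not tinc's own code: the nonce k is derived with HMAC-DRBG from the private key and the message hash, so signing never touches a random number generator and the same input always yields the same signature. It uses NIST P-256 rather than P-521 only because RFC 6979 Appendix A.2.5 publishes a test vector for P-256 with SHA-256 (private key and message "sample"), which lets the derivation be checked; the curve arithmetic is a plain affine double-and-add written here for readability, not constant time, and the helper names are this example's own.

```python
import hashlib
import hmac

# NIST P-256 domain parameters (P-521 would work the same way with a 521-bit order).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
A = P - 3
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
QLEN = N.bit_length()       # 256 bits
ROLEN = (QLEN + 7) // 8     # 32 bytes

# Private key from RFC 6979 Appendix A.2.5: a published test value, not a real secret.
X = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721


def bits2int(b: bytes) -> int:
    """RFC 6979 2.3.2: keep the leftmost qlen bits of an octet string."""
    v = int.from_bytes(b, "big")
    blen = len(b) * 8
    return v >> (blen - QLEN) if blen > QLEN else v


def int2octets(v: int) -> bytes:
    return v.to_bytes(ROLEN, "big")


def bits2octets(b: bytes) -> bytes:
    return int2octets(bits2int(b) % N)


def rfc6979_nonce(x: int, h1: bytes) -> int:
    """Deterministic k from (private key, message hash), RFC 6979 section 3.2.
    No RNG is consulted: identical inputs always produce the identical k."""
    def h(key, data):
        return hmac.new(key, data, hashlib.sha256).digest()
    v = b"\x01" * 32
    k = b"\x00" * 32
    k = h(k, v + b"\x00" + int2octets(x) + bits2octets(h1))
    v = h(k, v)
    k = h(k, v + b"\x01" + int2octets(x) + bits2octets(h1))
    v = h(k, v)
    while True:
        t = b""
        while len(t) * 8 < QLEN:
            v = h(k, v)
            t += v
        cand = bits2int(t)
        if 1 <= cand < N:
            return cand
        k = h(k, v + b"\x00")   # candidate out of range: stir state and retry
        v = h(k, v)


def message_nonce(x: int, msg: bytes) -> int:
    return rfc6979_nonce(x, hashlib.sha256(msg).digest())


def point_add(p1, p2):
    """Affine addition on P-256; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k: int, pt):
    """Double-and-add scalar multiplication (illustration only, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def sign(x: int, msg: bytes):
    h1 = hashlib.sha256(msg).digest()
    k = rfc6979_nonce(x, h1)
    r = point_mul(k, G)[0] % N
    s = pow(k, -1, N) * (bits2int(h1) + r * x) % N
    assert r != 0 and s != 0   # RFC 6979 would derive the next k; never hit here
    return r, s


def verify(pub, msg: bytes, sig) -> bool:
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    e = bits2int(hashlib.sha256(msg).digest())
    w = pow(s, -1, N)
    pt = point_add(point_mul(e * w % N, G), point_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


if __name__ == "__main__":
    pub = point_mul(X, G)
    print("k = %064X" % message_nonce(X, b"sample"))
    print("same signature twice:", sign(X, b"sample") == sign(X, b"sample"))
    print("verifies:", verify(pub, b"sample", sign(X, b"sample")))
```

Run it twice and the signature over "sample" is byte-identical both times, which is exactly the property a VPN daemon wants when the host's entropy pool is weak at boot: a poor RNG can no longer turn into a repeated or biased k, which is the classic way an ECDSA private key leaks.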