Is Diffie-Hellman needed?

justina colmena ~biz justina at colmena.biz
Thu Jan 13 09:41:18 UTC 2022



On January 12, 2022 4:22:00 PM AKST, Joseph Tam <jtam.home at gmail.com> wrote:
>
> 	- perfect forward secrecy: the disclosure of a private
> 	key will not compromise past traffic.  This is probably the
> 	more compelling reason.
>
As to ECC vs. the "old fashioned" RSA paradigm based on the difficulty of factoring very large natural numbers --- that's a totally separate issue, irrelevant to that of choosing protocols that offer PFS over those that do not.

I'm "convinced" on no special considerations beyond elementary math that the product of two large randomly chosen prime numbers is darn near impossible to factor on modern computers. Scientists have tried and failed and assiduously documented their vain attempts at cracking the RSA challenge up to commonly used key size parameters.

The ECC business involves too many secret codes and ciphers coming out of a college fraternity or university dormitory, and it's not clear to me as an outsider what it offers beyond smoke-and-mirrors obfuscation and security by obscurity of the algorithm. The magic numbers and specially chosen curve parameters like "25519" offered as is without explanation are alarming to me as if someone is trying to pull the wool over my eyes with the fancy maths.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

