[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ike and elliptic curves
the original IKE (OAKLEY) groups had elliptic curves over binary fields GF_2^m
where m is a composite number. This is considered less secure than using fields
GF_2^m where m is a prime number. The new elliptic curve groups recently
introduced address those security concerns (as well as align with other
standards). See <draft-ietf-ipsec-ike-ecc-groups-01.txt> on the IPSec site for
details.
Paul
Niels Provos <provos@citi.umich.edu> on 11/11/99 06:44:53 AM
To: John Harleman/Certicom@Certicom
cc: jerome@psti.com, ipsec@lists.tislabs.com (bcc: Paul Fahn/Certicom)
Subject: Re: ike and elliptic curves
In message <85256826.00177474.00@domino2.certicom.com>, "John Harleman" writes:
>the groups are not necessarily too small, but of questionable security (they
>were excluded by ansi and the national institute of standards and technology)
>and don't align with the fips curves as well. we've actually submitted a draft
Too small meaning the it takes less time to compute the ECDL than to
search for a 3DES key. That the groups are defined over subfields is
another problem, though not that serious.
Greetings,
Niels.