The cr.yp.to microblog: 2020.01.15 20:35:01

2020.01.15 20:35:01 (1217530648274980864) from Daniel J. Bernstein, replying to "hanno💉💉💉💉 (@hanno)" (1217483731742662656):

See https://cr.yp.to/newelliptic/nistecc-20160106.pdf (from @hyperelliptic and me), which says in §1 that "unnecessary complexity in ECC implementations" creates "ECC security failures", and says in §11 that allowing run-time curve choices causes "obvious damage to implementation simplicity". Told ya so.

Context

2020.01.15 17:26:46 (1217483273322074114) from "hanno💉💉💉💉 (@hanno)":

There's something about this Windows/ECC vuln that bugs me. I had known this feature for custom curves exists. My opinion on it was "This looks like useless complexity and asking for trouble, nobody should ever implement it".

2020.01.15 17:27:19 (1217483410983346177) from "hanno💉💉💉💉 (@hanno)", replying to "hanno💉💉💉💉 (@hanno)" (1217483273322074114):

I am not sure if I ever wrote about this anywhere. So I can't even say "told ya so". But I'm sure this is not my private opinion, I'm sure you could ask any random person familiar with TLS and chances are they'd share that opinion.

2020.01.15 17:27:55 (1217483563345629192) from "hanno💉💉💉💉 (@hanno)", replying to "hanno💉💉💉💉 (@hanno)" (1217483410983346177):

Yet it seems Microsoft has implemented this relatively recently. Why? Has no one told them "this is useless complexity and asking for trouble"? And should we have done that?

2020.01.15 17:28:36 (1217483731742662656) from "hanno💉💉💉💉 (@hanno)", replying to "hanno💉💉💉💉 (@hanno)" (1217483563345629192):

I mean should I have written a paper "This looks like useless complexity and asking for trouble"? It would be a pretty short paper, but I could say "told ya so" now if I had written it.