Note: There are some very weak cipher suites in every crypto library, most of
them for historic reasons or due to legacy standards. The crypto export embargo
-is a good example
-\footnote{\url{http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States}}.
+is a good example\cite{Wikipedia:ExportCipher}.
For the following chapter support of these low-security algorithms is disabled by setting
\texttt{!EXP:!LOW:!NULL} as part of the cipher string.
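Review bot: In the added line "is a good example\cite{Wikipedia:ExportCipher}." the citation is glued to the preceding word, so with a numeric bibliography style it will typeset as "example[n]" with no space. Use a tie so the reference cannot break onto the next line either: "is a good example~\cite{Wikipedia:ExportCipher}."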
\textbf{Elliptic Curves}\ref{section:EllipticCurveCryptography} required by current TLS
standards only consist of the so-called NIST-curves (\texttt{secp256r1} and
\texttt{secp384r1}) which may be weak because the parameters that led to their generation
-weren't properly explained (by the NSA).\footnote{\url{http://safecurves.cr.yp.to/rigid.html}} \\
+weren't properly explained (by the NSA)\cite{DJBSC}. \\
Disabling support for Elliptic Curves leads to no ephemeral key exchange being available
for the Windows platform. When you decide to use Elliptic Curves despite the uncertainty,
make sure to at least use the stronger curve of the two supported by all clients
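Review bot: In "weren't properly explained (by the NSA)\cite{DJBSC}." the citation now hangs directly off the closing parenthesis, so it reads as a source for the parenthetical attribution rather than for the claim that the parameter generation was not explained. Moving it to the claim itself, for example "weren't properly explained~\cite{DJBSC} (by the NSA).", makes clear what the SafeCurves reference supports and also adds the missing tie before \cite.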
month=may,
url="http://www.ietf.org/rfc/rfc3526.txt",
}
+
+@techreport{DJBSC,
+ key = {DJB},
+ title = {SafeCurves: choosing safe curves for elliptic-curve cryptography},
+ year = {2013},
+ month = Dec,
+ type = {Technical Background},
+ url = {http://safecurves.cr.yp.to/rigid.html},
+ note = {Accessed 2013-12-09},
+}
+
+@techreport{Wikipedia:ExportCipher,
+ key = {Wikipedia:ExportCipher},
+ title = {Export of cryptography in the United States},
+ institution = I_Wikipedia,
+ year = {2013},
+ month = Dec,
+ type = {Wikipedia},
+ url = {http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States},
+ note = {Accessed 2013-12-09},
+}
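Review bot: Both new entries are @techreport but neither has an "author" field, and DJBSC also has no "institution", so BibTeX will emit missing-field warnings for them, since @techreport requires author, title, institution and year. For web pages, @misc with "howpublished = {\url{...}}" avoids the warnings and keeps the link visible even in styles that ignore the "url" field, which matters here because the removed footnotes were the only place the URLs were printed. Also check that the string macro used in "institution = I_Wikipedia," is defined by an @string in this file, as no definition appears in these lines.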