Support for "safe" elliptic curves

This forum is for general conversation and user-user networking.
Post Reply
Zorro123987
OpenVpn Newbie
Posts: 2
Joined: Wed Feb 06, 2019 11:26 pm

Support for "safe" elliptic curves

Post by Zorro123987 » Wed Feb 06, 2019 11:36 pm

Hi all,

I'd like to do a pure elliptic curve crypto setup and use an elliptic curve that has been rated safe on http://safecurves.cr.yp.to.

Calling "openvpn --show-curves" on OpenVPN 2.4.6 gives me this result:

secp112r1
secp112r2
secp128r1
secp128r2
secp160k1
secp160r1
secp160r2
secp192k1
secp224k1
secp224r1
secp256k1
secp384r1
secp521r1
prime192v1
prime192v2
prime192v3
prime239v1
prime239v2
prime239v3
prime256v1
sect113r1
sect113r2
sect131r1
sect131r2
sect163k1
sect163r1
sect163r2
sect193r1
sect193r2
sect233k1
sect233r1
sect239k1
sect283k1
sect283r1
sect409k1
sect409r1
sect571k1
sect571r1
c2pnb163v1
c2pnb163v2
c2pnb163v3
c2pnb176v1
c2tnb191v1
c2tnb191v2
c2tnb191v3
c2pnb208w1
c2tnb239v1
c2tnb239v2
c2tnb239v3
c2pnb272w1
c2pnb304w1
c2tnb359v1
c2pnb368w1
c2tnb431r1
wap-wsg-idm-ecid-wtls1
wap-wsg-idm-ecid-wtls3
wap-wsg-idm-ecid-wtls4
wap-wsg-idm-ecid-wtls5
wap-wsg-idm-ecid-wtls6
wap-wsg-idm-ecid-wtls7
wap-wsg-idm-ecid-wtls8
wap-wsg-idm-ecid-wtls9
wap-wsg-idm-ecid-wtls10
wap-wsg-idm-ecid-wtls11
wap-wsg-idm-ecid-wtls12
Oakley-EC2N-3
Oakley-EC2N-4
brainpoolP160r1
brainpoolP160t1
brainpoolP192r1
brainpoolP192t1
brainpoolP224r1
brainpoolP224t1
brainpoolP256r1
brainpoolP256t1
brainpoolP320r1
brainpoolP320t1
brainpoolP384r1
brainpoolP384t1
brainpoolP512r1
brainpoolP512t1

I couldn't find any safe curve like Curve25519 or Curve448 in this list. A lot of currently supported curves were developed by NIST and other institutes which you better shouldn't trust.

Can you please tell me when any safe curve will be implemented in OpenVPN?

Thanks so much for your reply.

Best,
Zorro

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5319
Joined: Fri Jun 03, 2016 1:17 pm

Re: Support for safe elliptic curves

Post by TinCanTech » Thu Feb 07, 2019 10:17 pm

The website you have chosen clearly states the following:
"Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation."
So, it is unlikely their opinions will have any influence until they gain some clear support.

Also, OpenVPN Community Edition is bought to you by volunteers, who don't have time for such claims.

Zorro123987
OpenVpn Newbie
Posts: 2
Joined: Wed Feb 06, 2019 11:26 pm

Re: Support for "safe" elliptic curves

Post by Zorro123987 » Thu Feb 07, 2019 10:47 pm

Oh, great! I did not expect *SUCH* a friendly response. Thank you so much!

Post Reply