From 33797fe6d5375d34c17e093e63011d813e260da8 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Mon, 4 Mar 2013 14:26:56 +0000 Subject: -go to more sane ECC curve to be more DoS-resistant --- src/include/gnunet_crypto_lib.h | 4 ++-- src/include/gnunet_testing_lib.h | 2 +- src/util/crypto_ecc.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 5b6d238c5..4dfe618a9 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -97,12 +97,12 @@ enum GNUNET_CRYPTO_Quality * Maximum length of an ECC signature. * Note: round up to multiple of 8 minus 2 for alignment. */ -#define GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH 190 +#define GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH 126 /** * Maximum length of the public key (q-point, Q = dP) when encoded. */ -#define GNUNET_CRYPTO_ECC_MAX_PUBLIC_KEY_LENGTH 140 +#define GNUNET_CRYPTO_ECC_MAX_PUBLIC_KEY_LENGTH 76 /** diff --git a/src/include/gnunet_testing_lib.h b/src/include/gnunet_testing_lib.h index 8a2910450..630152ddf 100644 --- a/src/include/gnunet_testing_lib.h +++ b/src/include/gnunet_testing_lib.h @@ -50,7 +50,7 @@ extern "C" * curves (rounded up to the next full KB to make IO nicer); it is NOT * the number of bits in the key. */ -#define GNUNET_TESTING_HOSTKEYFILESIZE 2048 +#define GNUNET_TESTING_HOSTKEYFILESIZE 1024 /** * Handle for a system on which GNUnet peers are executed; diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index d89989bd4..ea6dde647 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c @@ -30,7 +30,7 @@ #define EXTRA_CHECKS ALLOW_EXTRA_CHECKS -#define CURVE "NIST P-521" +#define CURVE "NIST P-256" #define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__) -- cgit v1.2.3