Blog Archives: Computers
Elliptic curve cryptography on Google
Ten years ago, in September 2001, I started working at Sun Microsystems Laboratories, on a project to integrate a new form of cryptography, elliptic curve cryptography (ECC), in the web’s security infrastructure (the SSL/TLS protocol). There were several milestones along the way: the first contribution of our code to the OpenSSL and Mozilla projects in 2002 and 2003, publications describing our work in top security conferences, interoperability testing in 2005/2006, the official conclusion of the Sun Labs project around 2005, and the final publication of the standard defining the use of ECC in TLS in 2008. Our code can be found on literally billions of computers worldwide: in every version of Mozilla Firefox (type about:credits to see my name!), every version of Google Chrome, every version of the Apache web server, and on every Mac and Linux computer.
Google.com using ECDHE_RSA This past week another major milestone in the deployment of elliptic curve cryptography has happened: Google has enabled the use of ECC on its secure web pages as the default algorithm. (More precisely, the ECDHE_RSA_RC4_SHA cipher suite is the default cipher suite.) As far as I know, this is the first large scale site to enable ECC. Google has for some time been leading efforts on improving the speed and effectiveness of security protocols on the web.
If you use Firefox or Chrome, your web browser will automatically use ECC whenever you visit a secure Google page. The main benefit of this technology is that your data is encrypted using a temporary key, rather than a permanent key, so even if Google’s permanent key is compromised in the future, your past communications will remain secure (this is called “forward secrecy”). Elliptic curve cryptography is quite fast, so it can do this with adding very little computational burden to your computer, so you shouldn’t notice any performance impact from this enhanced security.
For more information, check out the official Google security blog post as well as more details from one of the Google engineers.
View comments (0) or Post a comment
RFC 5656
Today, my first RFC was published: RFC 5656, which describes the use of elliptic curve cryptography in the Secure Shell (SSH) protocol. For those who don’t know, Requests For Comments (RFCs) describe technical standards that are used to specify how computers interact on the Internet. The Secure Shell protocol is used for remote command-line login and is very important for us geeky folks. My standard describes how to use elliptic curve cryptography in SSH. I published the first draft of this standard all the way back in November 2003 while I was working with Sun Labs. After six years, it’s finally made it through the process to become a standard!
View comments (1) or Post a comment
Website redesign
Comparing old and new website designs After 7 years of using the same basic layout of my website, and over 2 years of the same exact graphic design, I have done a complete redesign of my blog. While I liked the old design and thought it stood the test of time fairly well, it’s time for a change. With this new design, it will be much easier for me to maintain and improve going forward, and I think it looks much nicer. (If you’re reading this post on Facebook, why not click through to my website to see the real deal?)
Some of the new features include:
- fancy fonts using new @font-face support
- improved slideshows in my picture galleries (i.e., they should actually work now)
- improved panorama displays and links
- all kinds of pretty CSS effects (shadows, rounded corners) in modern browsers (Firefox, Safari, and Chrome)
- better organization of much content, especially including my research papers
Leave me a comment if you have any problems viewing the website. Note that if you’re using a really old browser (like Internet Explorer 6), it’s time to upgrade.
View comments (0) or Post a comment
Elliptic curve cryptography in Firefox 2
I know that many (23.9%) of my readers use Firefox (and to the remaining 55% using Internet Explorer: you should seriously consider switching). Firefox 2 has just been released; if you don’t already have it through automatic updates, you should be getting it shortly. Aside from being an apparently nice upgrade, it also contains much of the work I’ve doing with Sun Microsystems over the past few years in the form of elliptic curve cryptography in the security layers. We started working on the code in 2002 and started contributing it to the Mozilla project codebase in 2003. Finally, some four years later, it’s being shipped. It will still be sometime before any https websites you visit use elliptic curve crypto, but if you visit this test server, you can try connecting. If you see a message saying that you have negotiated the “TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA” cipher suite, then you’re using the new elliptic curve cryptography code (and a few other enhancements, like the AES cipher for bulk encryption) and your computer is doing my bidding!
View comments (2) or Post a comment
LaTeX Blackboard Bold 1
LaTeX blackboard bold one A request to my math-oriented readers. Does anyone know how to do a good blackboard bold 1 (one) in LaTeX? The simple \mathbb{1} doesn’t work because the numbers aren’t defined in the mathbb font. I’ve come up with the following hack, which produces the image at left, but it’s not perfect, because it’s not actually a font glyph but a 1 with a line. If you’ve got a better way, please let me know.
\newcommand{\1}{{\rm 1\hspace*{-0.4ex}%
\rule{0.1ex}{1.52ex}\hspace*{0.2ex}}}
View comments (1) or Post a comment
Computer History Museum
Friday afternoon I visited the newly-opened Computer History Museum. Although not yet finished, major pieces from the permanent collection were on display.
One of the machines displayed was an Enigma machine, the most famous cryptographic tool from World War II.
Colossus Also on display was the only remaining part (a cylinder, visible in the picture at right) from one of the Colossus machines designed to help break the Lorenz code (University of Waterloo professor emeritus Bill Tutte cracked the Lorenz code). The world’s first programmable electronic computer, it was destroyed after the war, and its existence classified until just recently.
Cray 2 Among the more modern machines were the Cray-1 and Cray-2 (the Cray-2 is shown at left). As you can see, the earlier designs were circular. This allowed the wires connecting the various modules to go around the centre, thus shortening the length of the wires and allowing faster operation.
The neatest machine may have been the Hollerith Census Machine, which was used to tabulate the 1890 US Census. Hollerith merged with C-T-R (Computing-Tabulating-Recording) Company and in 1924 changed its name to International Business Machines.
There was also a SUN-1 workstation, the first virtual reality goggles (designed by a graphics researcher named Ivan Sutherland), a Pixar Image Computer, and a both an Apple I and an Apple Cube. A great trip through history. See also Meredith’s blog entry about our trip.
