You are not logged in.
- Topics: Active | Unanswered
#1 2026-05-04 22:28:40
- Greg0r
- Member
- Registered: 2019-01-28
- Posts: 50
x25519
is support planned? P-256 seems to be "less trusted"
Offline
#2 2026-05-05 06:16:08
Re: x25519
It is supported via OpenSSL, as caaEdDSA defined in mormot.crypt.secure catalog.
Not yet in pure pascal code.
P-256 is not "less trusted". Both have 128-bit of security, and the same 256-bit storage size.
P-256 had some timing issue, but it is dependent on the implementation, not the algorithm itself. In OpenSSL, they have the same level of trust. And you won't use our pure pascal code if you want to be easily audited anyway.
https://soatok.blog/2022/05/19/guidance … m-in-2022/
With 128-bit of security, both are safer than RSA-2048 which offers only 112-bit.
The big next thing would be post-quantum-cryptography, not switching to ED25519.
https://github.com/synopse/mORMot2/issues/470
Offline
#3 2026-05-08 14:41:36
- Greg0r
- Member
- Registered: 2019-01-28
- Posts: 50
Re: x25519
thanks for info and good blog url
PQC-even there the guy recommed to use hybrid ML 768+X25519, so could be used also.
What's the problem with pure pascal and audtis? So why to create or use any cipher in pascal if auditors respect only "reputable" code, and who decides what is "reputable"?
OpenSSL 4.0 or libsodium aready suports post quantum KEM
Offline
#4 2026-05-08 15:13:35
Re: x25519
Security external auditors have usually poor coding skills.
They mostly verify methodology, cipher suites and known library version numbers, and if there are some known CVE reports about them.
They can't read pascal code, and take the time to check if it is correctly implemented.
Ready my feature request issue #470 you will see I detail it, especially that OpenSSL is one solution.
Offline