## Wii Uses Elliptic Curve Cryptography For Saves 183

An anonymous reader writes

*"A user at the Nintendo-Scene forums just posted a lengthy post about his discovery that the Wii savegame files are signed and encrypted with NIST B 233 bit elliptic curve cryptography. Could this be the first step for a Wii softmod the homebrew community have waited for? From the post: 'It appears a Wii savegame file ends with a certificate chain. The certificates contains a public keypair (the one that is being "certified") and a signature (another number pair) from the signing entity. The number pairs are stored as a compound 60 bit data (first 30 bytes for the first number, and the next 30 bytes for the second). Hence, the first and middle byte is always 00 or 01 for keys, and 00 for signatures. One can check that the keys are indeed NIST B 233 keys using openssls EC_KEY_check_key function (code forthcoming).'"*
## It seems to me... (Score:5, Informative)

That this likely means the exact opposite. Elliptic Curve Cryptography [wikipedia.org] is relatively difficult to crack (not unlike RSA). More to the point, it's also not liable to factorization attacks like RSA is. Furthermore, the best crack of elliptic curve technology is of a 109-bit key, and still took 3,600 [certicom.com] or 15,000 [certicom.com] computer-years (whether it's a binary or prime field case, respectively).

Nintendo's not stupid. They've used RSA encryption to keep the average hacker out of DS-wireless homebrew, and this is most likely a mandated response to the Splinter Cell hack that allowed soft modding on the Xbox. It won't stop hacking through security holes in the internet protocols (a-la PSO+BBA), but they're certainly making efforts to prevent corrupted data from opening up softmod paths.

## Re:It seems to me... (Score:5, Informative)

But, particularly because of the recent confusion regarding ECC's resistance to quantum computing (that is, that it has none), I want to make sure people realize ECC isn't any stronger than RSA. Sure, you get shorter keys and faster computations with ECC versus RSA, but for all practical purposes if/when RSA falls, ECC will go down with it. Factorization algorithms usually lead to discrete log algorithms, and vice versa. That's certainly the case with Shor's algorithm, which probably should have been made clear when the quantum computing article was posted.

## Re:Uhh (Score:2, Informative)

## Re:Mod parent troll (Score:3, Informative)

## Re:Uhh (Score:2, Informative)

When you buy a car, does the dealership forcefully prevent you from using "unapproved" gasoline ? Do they tell you which bumper stickers you're allowed to stick, and where ? Do they come and smash your car with a crowbar if you disobey ?

## Re:It's just like Demolition Man... (Score:4, Informative)

I don't want to worry you, but there's a possibility that cryptographers have thought of that.

For example: [purselipsquarejaw.org]