michael at briarproject.org
Thu Jul 4 17:18:23 EDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
On 04/07/13 22:07, James A. Donald wrote:
> 106 bits is still far too small. Seems to me that they only
> increased it as needed to defeat DecryptoCat, not as needed to
> defeat an NSA farm running dedicated special purpose hardware.
> Why not use an elliptic curve whose points are, in compressed
> form, about 256 bits, which is the size I chose for Crypto Kong,
> many, many years ago, when computers were far less powerful. I
> chose that after looking at various cracking efforts as the minimum
> size that I was pretty sure that the NSA could not beat, then or in
> the reasonably near future.
The choice of curve wasn't the problem - they were using Curve25519
but messing up the random number generation.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the cryptography