[cryptography] DeCryptocat

Michael Rogers michael at briarproject.org
Thu Jul 4 17:18:23 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/07/13 22:07, James A. Donald wrote:
> 106 bits is still far too small.  Seems to me that they only
> increased it as needed to defeat DecryptoCat, not as needed to
> defeat an NSA farm running dedicated special purpose hardware.
> 
> Why not use an elliptic curve whose points are, in compressed
> form, about 256 bits, which is the size I chose for Crypto Kong,
> many, many years ago, when computers were far less powerful.  I
> chose that after looking at various cracking efforts as the minimum
> size that I was pretty sure that the NSA could not beat, then or in
> the reasonably near future.

The choice of curve wasn't the problem - they were using Curve25519
but messing up the random number generation.

Cheers,
Michael

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJR1eafAAoJEBEET9GfxSfMfWwH/R/Rq/I02dMcmheZuIStT8lG
dwTnBM7ZLqXywpvVjS4SDKDTcSC8EfrFx/QW2906VTqMDn5wNePe9BZegsZGIP5Q
C+R/Kz8ahaUdJMbwHI0FrwdvrkCot1K8L8qWacUf/osZ/uP0Xrx7CEqk0Xi7OFLu
jFTyj5hjSUWg7MctNfmCn6ElMaMO81Fc91aZGKxLRw4z7XBOSBGhcEuXoTpuQAAI
2Y7CkhXhuvdW1DpneD0EXRiyM0DK0/OKOQwoTvfHQXzHubss50Ke0OlqEiAhzRzw
BPCTlVMCKF0dmgL7/EZ7Z60/JxSCRJ847uN1P76POEw+Ez9akzvaC9S/lveLyEs=
=BggH
-----END PGP SIGNATURE-----


More information about the cryptography mailing list