[cryptography] [Cryptography] are ECDSA curves provably not cooked? (Re: RSA equivalent key length/strength)

Tony Arcieri bascule at gmail.com
Tue Oct 1 16:10:32 EDT 2013

On Tue, Oct 1, 2013 at 12:00 PM, Jeffrey Goldberg <jeffrey at goldmark.org>wrote:

> If the NSA had the capability to pick weak curves while covering their
> tracks in such a way, why wouldn’t they have pulled the same trick with
> Dual_EC_DRBG?

<tinfoilhat>They wanted us to think they were incompetent, so we would
expect that Dual_EC_DRBG was their failed attempt to tamper with a
cryptographic standard, and so we would overlook the more sinister and
subtle attempts to tamper with the NIST curves</tinfoilhat>

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20131001/40ff81cf/attachment.html>

More information about the cryptography mailing list