[cryptography] What's the point of using non-NIST ECC Curves?

Tony Arcieri bascule at gmail.com
Mon Oct 13 12:14:15 EDT 2014


On Mon, Oct 13, 2014 at 7:51 AM, Derek Miller <dreemkiller at gmail.com> wrote:

> If the NIST curves are weak in a way that we don't understand, this means
> that ECC has properties that we don't understand.
>

While there's djb's worry that the NSA may have tweaked a curve parameter
in such a way as to generate a curve with a one-in-a-million weakness that
only they know how to exploit, the NIST curves are weak in other known ways:

https://safecurves.cr.yp.to

Additionally, newer curves are being picked with an emphasis on performance

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20141013/45d309e9/attachment.html>


More information about the cryptography mailing list