[cryptography] What's the point of using non-NIST ECC Curves?

Derek Miller dreemkiller at gmail.com
Mon Oct 13 12:19:07 EDT 2014

Thanks for the additional scenario (I had not even considered trusting the
NSA, so had not considered that scenario).
However, both scenarios (NSA engineered them to be bad, NSA engineered them
to be good) mean that the NSA knows a great deal more about weaknesses in
Elliptic Curve Cryptography than we do. Doesn't that give you great pause
in using the algorithm at all?

On Mon, Oct 13, 2014 at 10:53 AM, Derek Miller <dreemkiller at gmail.com>

> For curve P-192, SEED = 3045ae6f c8422f64 ed579528 d38120ea e12196d5
> For curve P-224, SEED = bd713447 99d5c7fc dc45b59f a3b9ab8f 6a948bc5
> For curve P-256, SEED = c49d3608 86e70493 6a6678e1 139d26b7 819f7e90
> etcetera...
> On Mon, Oct 13, 2014 at 10:43 AM, Krisztián Pintér <pinterkr at gmail.com>
> wrote:
>> On Mon, Oct 13, 2014 at 5:38 PM, Ryan Carboni <ryacko at gmail.com> wrote:
>> >> > However, considering one of the scenarios where these curves might be
>> >> > compromised (the NSA knew of weaknesses in certain curves, and
>> >> > engineered
>> >> > the NIST Prime curves to be subject to those weaknesses)
>> > I forget, what was the original inputs to the hash?
>> another unexplained constant, if i'm not mistaken. it makes no sense
>> in any circumstances.
>> _______________________________________________
>> cryptography mailing list
>> cryptography at randombit.net
>> http://lists.randombit.net/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20141013/83ab9024/attachment.html>

More information about the cryptography mailing list