On Fri, 06 Sep 2013 12:13:48 +1200 Peter Gutmann
<pgut...@cs.auckland.ac.nz> wrote:
> "Perry E. Metzger" <pe...@piermont.com> writes:
> >I would like to open the floor to *informed speculation* about
> Not informed since I don't work for them, but a connect-the-dots:
> 1. ECDSA/ECDH (and DLP algorithms in general) are incredibly
> brittle unless you get everything absolutely perfectly right.

I'm aware of the randomness issues for ECDSA, but what's the issue
with ECDH that you're thinking of?

> 2. The NSA has been pushing awfully hard to get everyone to switch

Yes, and 24 hours ago I would have said that was because they
themselves depended on the use of commercial products with such
algorithms available (as in Suite B.) Now I'm less sure.

> Wasn't Suite B promulgated in the 2005-2006 period?

Yes, though it doesn't sound like Suite B is what the article
meant when discussing standards.

> Peter (who choses RSA over ECC any time, follow a few basic rules
> and you're safe with RSA while ECC is vulnerable to all manner of
> attacks, including many yet to be discovered).

Many people out there seem to claim the opposite of course. The
current situation doesn't give us a definitive way to resolve such an

RSA certainly appears to require vastly longer keys for the same
level of assurance as ECC.

Perry E. Metzger                pe...@piermont.com
The cryptography mailing list

Reply via email to