On 09/06/2013 01:25 PM, Jerry Leichter wrote:
A response he wrote as part of a discussion at 

Q: "Could the NSA be intercepting downloads of open-source encryption software and 
silently replacing these with their own versions?"

A: (Schneier) Yes, I believe so.
                                                         -- Jerry

Here is another interesting comment, on the same discussion.


Schneier states of discrete logs over ECC: "I no longer trust the constants.
I believe the NSA has manipulated them through their relationships with 

Is he referring to the "standard" set of ECC curves in use?  Is it possible
to select ECC curves specifically so that there's a backdoor in cryptography
based on those curves?

I know that hardly anybody using ECC bothers to find their own curve; they
tend to use the standard ones because finding their own involves counting all
the integral points and would be sort of compute expensive, in addition to
being involved and possibly error prone if there's a flaw in the implementation.

But are the standard ECC curves really secure? Schneier sounds like he's got
some innovative math in his next paper if he thinks he can show that they


The cryptography mailing list

Reply via email to