On Sep 7, 2013, at 2:36 PM, Ray Dillinger wrote:
<SNIP!>
> 
> Schneier states of discrete logs over ECC: "I no longer trust the constants.
> I believe the NSA has manipulated them through their relationships with 
> industry."
> 
> Is he referring to the "standard" set of ECC curves in use?  Is it possible
> to select ECC curves specifically so that there's a backdoor in cryptography
> based on those curves?

That very statement prompted me to start the Suite B thread a couple of days 
ago.

What concerns me most about ECC is that your choices seem to be the IEEE 
Standard curves (which have NSA input, IIRC), or ones that will bring down the 
wrath of Certicom (Slogan:  "We're RSA Inc. for the 21st Century!").

I've said this repeatedly over the past year, but if whomever ends up buying 
Certicom-owner Blackberry would set them free, it would help humanity (at the 
cost of the patent revenues, alas).

Dan

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Reply via email to