On Mon, Sep 9, 2013 at 10:37 AM, Nemo <[email protected]> wrote: > The approach appears to be an attempt at a "nothing up my sleeve" > construction. Appendix A says how to start with a seed value and use SHA-1 > as a psuedo-random generator to produce candidate curves until a suitable > one is found. >
The question is... suitable for what? djb argues it could be used to find a particularly weak curve, depending on what your goals are: http://i.imgur.com/o6Y19uL.png (originally from http://www.hyperelliptic.org/tanja/vortraege/20130531.pdf) -- Tony Arcieri
_______________________________________________ The cryptography mailing list [email protected] http://www.metzdowd.com/mailman/listinfo/cryptography
